Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe

Overview

General Information

Sample name: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Analysis ID: 1430961
MD5: 199e8896119bd3fc3850e9b19eb98ab2
SHA1: b20795b8b98641cd1f3f79767ca2479d81af2a7e
SHA256: 36c6dceee32c61fa35e3d2bc6699ca7d6fc0eee903f82876e1e1049d4b52e600
Tags: exe
Infos:

Detection

Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Multi AV Scanner detection for submitted file
Monitors registry run keys for changes
Tries to harvest and steal browser information (history, passwords, etc)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Drops PE files
Enables security privileges
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Steals Internet Explorer cookies
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample searches for a specific file, try pointing organization-specific fake files to the analysis machine
  • System is w10x64
  • SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe" MD5: 199E8896119BD3FC3850E9B19EB98AB2)
    • SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp (PID: 7296 cmdline: "C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp" /SL5="$20450,6944918,831488,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe" MD5: CCCE5E18D7E151BBFB8592DCB09AF84B)
      • PCCNotifications.exe (PID: 7380 cmdline: "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe" MD5: FFCD8953CCB602777CE77EF08F6368C7)
      • PCCleaner.exe (PID: 7436 cmdline: "C:\Program Files (x86)\PC Cleaner\PCCleaner" /START MD5: F5AEC68E32818A9A647615FDA4414B65)
  • PCCNotifications.exe (PID: 7960 cmdline: "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe" MD5: FFCD8953CCB602777CE77EF08F6368C7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe Virustotal: Detection: 7%
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe Code function: 4_2_6C00A56D __EH_prolog3_catch_GS,GetTempPathW,CryptQueryObject,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,CertGetNameStringW,LocalAlloc,CertGetNameStringW,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe Code function: 4_2_6C036BC0 -----BEGIN PUBLIC KEY-----
Source: PCCleaner.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: o[11][FILE]C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb`a source: PCCleaner.exe, 00000004.00000002.2983811248.0000000002B46000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user\AppData
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user\AppData\Local
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe File opened: C:\Users\user\AppData\Local\Microsoft
Source: global traffic HTTP traffic detected: POST /httpapi HTTP/1.1 | Host: api.playanext.com | Accept: */* | Content-Length: 419 | Content-Type: application/x-www-form-urlencoded | Data Ascii: api_key=e8OFglPlUwaUQYg9khHR89x9FrE1f7m1387hQEIj&event=%5b%7b%22event_properties%22%3a%7b%22distributor%22%3a%22%22%2c%22distributor_product%22%3a%22%22%2c%22method_used%22%3a%22Initialize%22%2c%22offer_product%22%3a%22%22%2c%22source%22%3a%22PlayaSDK%20C%2b%2b%20v1.7.3%22%2c%22user_country%22%3a%22%22%7d%2c%22event_type%22%3a%22cpp_sdk_startup%22%2c%22ip%22%3a%22%24remote%22%2c%22session_id%22%3a1713960062019%7d%5d
Source: global traffic HTTP traffic detected: POST /httpapi HTTP/1.1 | Host: api.playanext.com | Accept: */* | Content-Length: 685 | Content-Type: application/x-www-form-urlencoded | Data Ascii: api_key=e8OFglPlUwaUQYg9khHR89x9FrE1f7m1387hQEIj&event=%5b%7b%22event_properties%22%3a%7b%22distributor%22%3a%22%22%2c%22distributor_product%22%3a%22%22%2c%22error_code%22%3a%22OFFER_API_FAILURE%22%2c%22error_description%22%3a%22Code%3a%2035%3b%20Error%20string%3a%20schannel%3a%20next%20InitializeSecurityContext%20failed%3a%20Unknown%20error%20%280x80092012%29%20-%20The%20revocation%20function%20was%20unable%20to%20check%20revocation%20for%20the%20certificate.%22%2c%22offer_product%22%3a%22%22%2c%22source%22%3a%22PlayaSDK%20C%2b%2b%20v1.7.3%22%2c%22user_country%22%3a%22%22%7d%2c%22event_type%22%3a%22error%22%2c%22ip%22%3a%22%24remote%22%2c%22session_id%22%3a1713960062019%7d%5d
Source: Joe Sandbox View JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: GET /pc-cleaner/install HTTP/1.1 | Accept: */* | Content-Type: application/x-www-form-urlencoded; charset=UTF-8 | User-Agent: Mozilla/5.0 (Windows; U) | Host: pchelpsoft.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /pc-cleaner/install HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows; U) | Connection: Keep-Alive | Cache-Control: no-cache | Host: www.pchelpsoft.com
Source: global traffic HTTP traffic detected: POST /desktop/install_complete HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/json | User-Agent: Mozilla/5.0 (compatible; Indy Library) | Content-Length: 147 | Host: cloud.pchelpsoft.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe Code function: 4_2_6C04ADA0 socket,socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,closesocket,closesocket,closesocket,closesocket,closesocket
Source: global traffic HTTP traffic detected: GET /debug.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Embarcadero URI Client/1.0 | Host: collect.avqtools.com
Source: global traffic HTTP traffic detected: GET /api/tracking/pccleaner?downloadedDate=2024-04-24T10%3A30%3A06.678Z HTTP/1.1 | Connection: Keep-Alive | User-Agent: Embarcadero URI Client/1.0 | Host: partner-tracking.lavasoft.com
Source: global traffic HTTP traffic detected: GET /images/build-phone-banners/phone_activation.png HTTP/1.1 | Connection: Keep-Alive | User-Agent: Embarcadero URI Client/1.0 | Host: www.pchelpsoft.com
Source: unknown DNS traffic detected: queries for: collect.avqtools.com
Source: unknown HTTP traffic detected: POST /api/collect HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded; charset=utf-8 | User-Agent: Embarcadero URI Client/1.0 | Content-Length: 353 | Host: collect.avqtools.com
Source: PCCleaner.exe, PCCleaner.exe, 00000004.00000003.1904735980.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1904735980.0000000007A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.playanext.com/httpapi
Source: PCCleaner.exe, 00000004.00000003.1904735980.0000000007A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.playanext.com/httpapib%22distributor%22%3a%22%22%2c%
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cdn.pchelpsoft.com/pchelpsoft/Driver_Updater_CS.exe?mkey1=PH_CRS_PCC_TO_DU_DL&cmp=CROSSELL
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.000000000246F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cdn.pchelpsoft.com/pchelpsoft/Driver_Updater_CS.exe?mkey1=PH_CRS_PCC_TO_DU_DL&cmp=CROSSELLtmp
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000002.1808516635.000000000018D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1726439925.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1812491495.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.00000000023DB000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.google.com/search?q=
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2982821753.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000000.1783577234.000000000079F000.00000020.00000001.01000000.00000007.sdmp, PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.indyproject.org/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.playanext.com/U
Source: PCCleaner.exe, 00000004.00000002.2994873685.0000000005BC4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.00000000037C1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.pchelpsoft.com/desktop/install_complete
Source: PCCNotifications.exe, 00000003.00000002.2979751952.00000000009D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://collect.avqtools.com/
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://collect.avqtools.com/2
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://collect.avqtools.com/6
Source: PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmp, PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000003.2002335373.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000003.2089622013.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2982183505.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://collect.avqtools.com/api/collect
Source: PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://collect.avqtools.com/api/collectU
Source: PCCNotifications.exe, 00000003.00000003.2002335373.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000003.2089622013.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2982183505.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://collect.avqtools.com/api/collectd
Source: PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://collect.avqtools.com/api/debug?program=pchs_cleaner_v
Source: PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://collect.avqtools.com/api/debugU
Source: PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://collect.avqtools.com/debug.txt
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://collect.avqtools.com/t.co
Source: PCCleaner.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: PCCleaner.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: PCCleaner.exeString found in binary or memory: https://files.playanext.com/Installer/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000000.1725506766.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://notifications.avqtools.com/clicked/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://notifications.avqtools.com/confirmed/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://notifications.avqtools.com/executed/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://notifications.avqtools.com/exit-xml/PCHELPSOFT
Source: PCCNotifications.exe, 00000003.00000002.2982821753.0000000002724000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://notifications.avqtools.comaPr
Source: PCCleaner.exe, PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://offers.playanext.com/offer
Source: PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://offers.playanext.com/offer0
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://partner-tracking.lavasoft.com/api/tracking/pccleaner?downloadedDate=
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.00000000024FA000.00000004.00001000.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.3004334140.0000000007A10000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003690000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/company/eula/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.00000000024D6000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/company/eula/a
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003690000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/company/privacy-policy/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.0000000002501000.00000004.00001000.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/pc-cleaner/install
Source: PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/pc-cleaner/install-
Source: PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/pc-cleaner/installO
Source: PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/pc-cleaner/installU
Source: PCCleaner.exe, 00000004.00000002.2983811248.0000000002C04000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.com/rpf
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://pchelpsoft.com/support/pc-cleaner/how-to-uninstall/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003779000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.upclick.com/clickgate/join.aspx?ref=crm.pchelpsoft.com/cleaner&ujid=20s3lABRVNE=&
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003796000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.upclick.com/clickgate/join.aspx?ref=crm.pchelpsoft.com/cleaner&ujid=2GD9HaP
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003796000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.upclick.com/clickgate/join.aspx?ref=crm.pchelpsoft.com/cleaner&ujid=epIz41GP07U=&
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003779000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://pchelpsoft.upclick.com/clickgate/join.aspx?ref=crm.pchelpsoft.com/cleaner&ujid=hv6Az34OCw8=&
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://services.avanquest.com/pchelpsoft/trustedPilot_cleaner.php?data=
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003780000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=Pxo3UeCZAEo=&step=2&cmp=UNI
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=TqA1Vm9ge5o=
Source: PCCleaner.exe, 00000004.00000002.2983811248.0000000002BED000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=TqA1Vm9ge5o=&src=default_re
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.00000000024A2000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=TqA1Vm9ge5o=1AJ
Source: PCCNotifications.exe, 00000003.00000002.2982821753.0000000002724000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://subscriptions.avqtools.com
Source: PCCleaner.exe, 00000004.00000002.2994873685.0000000005BC4000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://subscriptions.avqtools.com0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://support.pchelpsoft.com/hc/
Source: PCCleaner.exe, 00000004.00000002.2994873685.0000000005BC4000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://support.pchelpsoft.com/hc/0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1801420220.00000000024F3000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://support.pchelpsoft.com/hc/9QO
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://techsupport.avqtools.com/feedback
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000000.1783577234.0000000000401000.00000020.00000001.01000000.00000007.sdmp
String found in binary or memory: https://upgrades.avqtools.com
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://upgrades.avqtools.comS
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://us.trustpilot.com/evaluate/www.pchelpsoft.com
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://webtools.avanquest.com/redirect.cfm?eredirectId=pchelpsoft/pc_cleaner_router_missing_passwor
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.globalsign.com/repository/0
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000000.1729489652.0000000000401000.00000020.00000001.01000000.00000004.sdmp
String found in binary or memory: https://www.innosetup.com/
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1793709581.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000002.1808516635.000000000018D000.00000004.00000010.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/
Source: PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/LMEM
Source: PCCleaner.exe, 00000004.00000003.1904735980.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1956192852.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.3004334140.0000000007A61000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/Q
Source: PCCleaner.exe, 00000004.00000003.1904735980.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1956192852.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.3004334140.0000000007A61000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/a
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/c
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://www.pchelpsoft.com/company/eula/U
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://www.pchelpsoft.com/company/privacy-policy/
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
String found in binary or memory: https://www.pchelpsoft.com/company/privacy-policy/S
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/images/build-phone-banners/phone_activation.png
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/images/build-phone-banners/phone_activation.png$
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A39000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/images/build-phone-banners/phone_activation.png.co
Source: PCCNotifications.exe, 00000003.00000002.2986834032.0000000002D85000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/images/build-phone-banners/phone_activation.pngo
Source: PCCleaner.exe, 00000004.00000003.1904735980.0000000007A61000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1895796664.0000000007A46000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1904735980.0000000007A49000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/pc-cleaner/install
Source: PCCleaner.exe, 00000004.00000002.2992112632.00000000052A5000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.com/pc-cleaner/installite
Source: PCCNotifications.exe, 00000003.00000002.2982821753.00000000026BD000.00000004.00001000.00020000.00000000.sdmp
String found in binary or memory: https://www.pchelpsoft.comm/api/collectn
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000000.1729489652.0000000000401000.00000020.00000001.01000000.00000004.sdmp
String found in binary or memory: https://www.remobjects.com/ps
Source: unknown
HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 18.239.199.80:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 172.67.73.195:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 104.26.1.116:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 104.16.148.130:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 216.239.32.21:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown
HTTPS traffic detected: 104.26.1.116:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
Process token adjusted: Security
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C08B85D appears 152 times
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C08B82A appears 247 times
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C08C350 appears 61 times
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C03CFE0 appears 108 times
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C03CF00 appears 138 times
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: String function: 6C08B5F0 appears 38 times
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp.0.dr
Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-5GPCL.tmp.1.dr
Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-GSPK3.tmp.1.dr
Static PE information: Number of sections : 11 > 10
Source: is-BOR76.tmp.1.dr
Static PE information: Number of sections : 11 > 10
Source: is-8F6BD.tmp.1.dr
Static PE information: Number of sections : 11 > 10
Source: is-0OI5S.tmp.1.dr
Static PE information: Number of sections : 18 > 10
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727909626.000000007FE33000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1727484855.00000000027D7000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000003.1812491495.0000000002308000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe, 00000000.00000000.1725738295.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine
Classification label: sus28.spyw.winEXE@8/90@8/8
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Code function: 4_2_6C02A460 GetLastError,FormatMessageA,___from_strstr_to_strchr,GetLastError,SetLastError
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
File created: C:\Program Files (x86)\PC Cleaner
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
File created: C:\Users\user\AppData\Local\Programs
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
Mutant created: \Sessions\1\BaseNamedObjects\AF54E2DC-EE25-4757-87F6-A1880E22042B
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Mutant created: \Sessions\1\BaseNamedObjects\dbcc15e2c3e24edf018ffd1269d25c9a
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
File created: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [dhcpnames] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [mac] TEXT NULL, [hostname] TEXT NULL, [vendorident] TEXT NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','ma-m_index','ma-m',#1,'CREATE INDEX [ma-m_index] on [ma-m] ([Pattern] desc)');
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [mdns] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [query] TEXT NULL, [answer] BLOB NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','sqlite_autoindex_logins_1','logins',#4,NULL);[WSLike] TEXT NULL)F
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [ports] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [port] INTEGER NULL, [protocol] INTEGER NULL, [string] TEXT NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','ma-l_index','ma-l',#1,'CREATE INDEX [ma-l_index] on [ma-l] ([Pattern] desc)');
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','ma-s_index','ma-s',#1,'CREATE INDEX [ma-s_index] on [ma-s] ([Pattern] desc)');
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','sqlite_autoindex_passwords_1','passwords',#4,NULL);&
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [vulnerability] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [portid] INTEGER NULL, [vultype] INTEGER NULL, [text1] TEXT NULL, [text2] TEXT NULL);U
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [hosts] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [ip] TEXT NULL, [mac] TEXT NULL, [scantime] INTEGER NULL, [vultime] INTEGER NULL, [vpassed] INTEGER NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','sqlite_autoindex_passwords_1','passwords',#4,NULL);
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [names] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [type] INTEGER NULL, [value] TEXT NULL);
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: insert into [resources] ([ipid], [Name], [Description], [Path], [ServerName], [Password], [ResourceType], [Special], [Temporary]) values (?, ?, ?, ?, ?, ?, ?, ?, ?);U
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [scans] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [date] REAL NULL, [network] TEXT NULL, [win] TEXT NULL, [scantime] INTEGER NULL, [vultime] INTEGER NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','ports_index','ports',#1,'CREATE INDEX [ports_index] on [ports] ([Port] desc)');
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [files] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [name] TEXT NULL, [data] TEXT NULL);
Source: PCCleaner.exe, 00000004.00000003.1869204053.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','sqlite_autoindex_logins_1','logins',#4,NULL);
Source: PCCleaner.exe, 00000004.00000000.1787044665.0000000000401000.00000020.00000001.01000000.00000008.sdmp
Binary or memory string: create table if not exists [resources] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [Name] TEXT NULL, [Description] TEXT NULL, [Path] TEXT NULL, [ServerName] TEXT NULL,[Password] TEXT NULL, [ResourceType] INTEGER NULL, [Special] INTEGER NULL, [Temporary] INTEGER NULL, [Access] INTEGER NULL);
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exeVirustotal: Detection: 7%
Source: PCCleaner.exeString found in binary or memory: https://files.playanext.com/Installer/
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp "C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp" /SL5="$20450,6944918,831488,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe"
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmpProcess created: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmpProcess created: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe "C:\Program Files (x86)\PC Cleaner\PCCleaner" /START
Source: unknownProcess created: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: PC Cleaner.lnk.1.dr | LNK file: ..\..\..\Program Files (x86)\PC Cleaner\PCCleaner.exe
Source: PC Cleaner.lnk0.1.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\PC Cleaner\PCCleaner.exe
Source: PC Cleaner on the Web.lnk.1.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\PC Cleaner\HomePage.url
Source: Uninstall PC Cleaner.lnk.1.dr | LNK file: ..\..\..\..\..\..\Program Files (x86)\PC Cleaner\unins000.exe
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | File written: C:\Users\user\AppData\Roaming\PC Cleaner\Backup\Extensions.ini
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Automated click: Next
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | Static PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | Static file information: File size 7867760 > 1048576
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: o[11][FILE]C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb`a source: PCCleaner.exe, 00000004.00000002.2983811248.0000000002B46000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Code function: 4_2_6C03FC50 WSAStartup,WSACleanup,GetModuleHandleA,GetProcAddress,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,if_nametoindex,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoA,QueryPerformanceFrequency,4_2_6C03FC50
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | Static PE information: section name: .didata
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp.0.dr | Static PE information: section name: .didata
Source: is-5GPCL.tmp.1.dr | Static PE information: section name: .didata
Source: is-BOR76.tmp.1.dr | Static PE information: section name: .didata
Source: is-GSPK3.tmp.1.dr | Static PE information: section name: .didata
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /4
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /19
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /31
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /45
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /57
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /70
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /81
Source: is-0OI5S.tmp.1.dr | Static PE information: section name: /92
Source: is-8F6BD.tmp.1.dr | Static PE information: section name: .didata
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Code function: 4_2_6C08B80C push ecx; ret 4_2_6C08B80B
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Code function: 4_2_6C02DAC0 push ebx; ret 4_2_6C02DAC1
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Code function: 4_2_6C08B7F8 push ecx; ret 4_2_6C08B80B
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Code function: 7_2_61EAC2A8 push ds; retf 7_2_61EAC2AE
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-5HH89.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Users\user\AppData\Local\Temp\is-BVGJ6.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\PCHSUninstaller.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\sqlite3.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-5GPCL.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | File created: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-8F6BD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-BOR76.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-GSPK3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\is-0OI5S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\Program Files (x86)\PC Cleaner\PlayaSDK.dll (copy)

Boot Survival

Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\PC Cleaner.lnk
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\PC Cleaner on the Web.lnk
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\Uninstall PC Cleaner.lnk
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec); graph_4-64891
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Dropped PE file which has not been started: C:\Program Files (x86)\PC Cleaner\is-5HH89.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-BVGJ6.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Dropped PE file which has not been started: C:\Program Files (x86)\PC Cleaner\PCHSUninstaller.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Dropped PE file which has not been started: C:\Program Files (x86)\PC Cleaner\is-8F6BD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Dropped PE file which has not been started: C:\Program Files (x86)\PC Cleaner\is-0OI5S.tmp
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes; graph_4-64046
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0134A7 GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jbe 6C0134DAh
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Microsoft
Source: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000002.1810074305.0000000000797000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\v
Source: PCCleaner.exe, 00000004.00000002.2997862885.0000000006319000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: vmicvss0
Source: PCCleaner.exe, 00000004.00000003.1827233560.000000000691F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 000C29VMware, Inc.
Source: PCCleaner.exe, 00000004.00000002.2997862885.000000000634C000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: VMware NAT Service195
Source: PCCleaner.exe, 00000004.00000003.1816156250.0000000003AE6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 005056VMware, Inc.
Source: PCCleaner.exe, 00000004.00000003.1827233560.000000000691F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 000569VMware, Inc.
Source: PCCleaner.exe, 00000004.00000002.2994873685.0000000005B53000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: dVMAuthdService=VMware Authorization Service. If you do not use VMware, this service can be disabled.]
Source: PCCNotifications.exe, 00000003.00000002.2979751952.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, PCCNotifications.exe, 00000003.00000002.2979751952.00000000009D0000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000002.2979938210.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp, PCCleaner.exe, 00000004.00000003.1896530032.0000000007A37000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: PCCleaner.exe, 00000004.00000002.2994873685.0000000005B53000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: dVMAuthdService=VMware Authorization Service. If you do not use VMware, this service can be disabled.2$1:
Source: PCCleaner.exe, 00000004.00000003.1816156250.0000000003AE6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 001C14VMware, Inc.;
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08C577 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C03FC50 WSAStartup,WSACleanup,GetModuleHandleA,GetProcAddress,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,if_nametoindex,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoA,QueryPerformanceFrequency
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0A8D39 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0A8D7D mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C09FB17 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08C577 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08BC61 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08FF63 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe; Code function: 7_2_61E8A900 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe; Code function: 7_2_61E8A8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08C39A cpuid
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEC82 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C08AE01 GetLocaleInfoEx
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEED5 GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEFFB GetLocaleInfoW,GetLocaleInfoW,GetACP
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AE86F GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEA6A GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEB11 EnumSystemLocalesW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEB5C EnumSystemLocalesW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AEBF7 EnumSystemLocalesW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0A3D6B GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0A37B2 EnumSystemLocalesW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AF101 GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C0AF1D0 GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp; Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C078E94 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime
Source: C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; File read: C:\Program Files (x86)\PC Cleaner\Cookies.txt
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C04ADA0 socket,socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,closesocket,closesocket,closesocket,closesocket,closesocket
Source: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe; Code function: 4_2_6C03EB00 ___from_strstr_to_strchr,htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation (1); Command and Scripting Interpreter (2); Native API (2); Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: Masquerading (2); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Steganography; Compile After Delivery
Credential Access: OS Credential Dumping (1); Credentials In Files (1); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: System Time Discovery (11); Query Registry (11); Security Software Discovery (21); Process Discovery (1); System Owner/User Discovery (2); File and Directory Discovery (3); System Information Discovery (53)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (11); Data from Local System (11); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: Encrypted Channel (21); Ingress Tool Transfer (2); Non-Application Layer Protocol (3); Application Layer Protocol (14); Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Behavior Graph ID: 1430961; Sample: SecuriteInfo.com.Program.Un...; Startdate: 24/04/2024; Architecture: WINDOWS; Score: 28
  DNS/IP: www.pchelpsoft.com, pchelpsoft.com, 7 other IPs or domains
  Signature: Multi AV Scanner detection for submitted file
  Process: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe (started)
    Dropped: SecuriteInfo.com.P...320.27373.27791.tmp, PE32
    Process: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp (started)
      Dropped: C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+
      Dropped: C:\...\unins000.exe (copy), PE32
      Dropped: C:\Program Files (x86)\...\sqlite3.dll (copy), PE32
      Dropped: 10 other files (none is malicious)
      Process: PCCleaner.exe (started)
        DNS/IP: cloud.pchelpsoft.com 216.239.32.21, 443, 49759 GOOGLEUS United States
        DNS/IP: partner-tracking.lavasoft.com 104.16.148.130, 443, 49756 CLOUDFLARENETUS United States
        DNS/IP: 5 other IPs or domains
        Signature: Tries to harvest and steal browser information (history, passwords, etc)
      Process: PCCNotifications.exe (started)
        DNS/IP: collect.avqtools.com 116.203.251.147, 443, 49733, 49734 HETZNER-ASDE Germany
        Signature: Monitors registry run keys for changes
  Process: PCCNotifications.exe (started)

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | 8% | ReversingLabs | |
SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe | 7% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe (copy) | 4% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\PCCleaner.exe (copy) | 8% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\PCHSUninstaller.exe (copy) | 3% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\PlayaSDK.dll (copy) | 5% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-0OI5S.tmp | 3% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-5GPCL.tmp | 3% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-5HH89.tmp | 5% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-8F6BD.tmp | 3% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-BOR76.tmp | 8% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\is-GSPK3.tmp | 4% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\sqlite3.dll (copy) | 3% | ReversingLabs | |
C:\Program Files (x86)\PC Cleaner\unins000.exe (copy) | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-BVGJ6.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp | 3% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
                                                                                                                    https://pchelpsoft.upclick.com/clickgate/join.aspx?ref=crm.pchelpsoft.com/cleaner&ujid=hv6Az34OCw8=&SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1796393048.0000000003779000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp, 00000001.00000003.1731604855.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.1.116 | www.pchelpsoft.com | United States | 13335 | CLOUDFLARENETUS | false
108.138.246.21 | d1atxff5avezsq.cloudfront.net | United States | 16509 | AMAZON-02US | false
216.239.32.21 | cloud.pchelpsoft.com | United States | 15169 | GOOGLEUS | false
116.203.251.147 | collect.avqtools.com | Germany | 24940 | HETZNER-ASDE | false
104.16.148.130 | partner-tracking.lavasoft.com | United States | 13335 | CLOUDFLARENETUS | false
18.239.199.80 | b217xlnyk0.execute-api.us-west-2.amazonaws.com | United States | 16509 | AMAZON-02US | false
172.67.73.195 | pchelpsoft.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                      IP
                                                                                                                      127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430961
Start date and time: 2024-04-24 12:29:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
Detection: SUS
Classification: sus28.spyw.winEXE@8/90@8/8
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 50%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 95%
                                                                                                                      • Number of executed functions: 29
                                                                                                                      • Number of non-executed functions: 317
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target PCCNotifications.exe, PID 7960 because there are no executed function
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                      • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
11:30:25 | Task Scheduler | Run new task: PC Cleaner automatic scan and notifications path: "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
12:30:16 | API Interceptor | 2x Sleep call for process: PCCNotifications.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                              PO_La-Tanerie04180240124.batGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                              • 172.67.152.117
                                                                                                                              https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2Get hashmaliciousUnknownBrowse
                                                                                                                              • 172.67.129.156
                                                                                                                              https://dl.download-ai.top/Get hashmaliciousUnknownBrowse
                                                                                                                              • 172.67.171.170
                                                                                                                              IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                                                                                              • 172.67.161.186
                                                                                                                              IPrstVM17M.exeGet hashmaliciousUnknownBrowse
                                                                                                                              • 172.67.161.186
                                                                                                                              QUOTATION_APRQTRA031244#U00b7PDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                              • 172.67.200.96
                                                                                                                              AMAZON-02USEfsIiZhHxS.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                              • 34.243.160.129
                                                                                                                              310kHPPXaM.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 34.254.182.186
                                                                                                                              http://www.clinical-partners.co.ukGet hashmaliciousUnknownBrowse
                                                                                                                              • 108.139.10.63
                                                                                                                              7Ud8fq8tJs.elfGet hashmaliciousGafgytBrowse
                                                                                                                              • 54.247.62.1
                                                                                                                              jb6F3H6QH4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                              • 34.254.182.186
                                                                                                                              JCC3MNVgRd.elfGet hashmaliciousGafgytBrowse
                                                                                                                              • 54.171.230.55
                                                                                                                              520VcHQQj7.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 34.249.145.219
                                                                                                                              jssKanl7bD.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                              • 34.249.145.219
                                                                                                                              eI5fTcq2no.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 54.171.230.55
                                                                                                                              1HoxbBh9mb.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                              • 54.171.230.55
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                              No context
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:GIF image data, version 89a, 48 x 48
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3965
                                                                                                                              Entropy (8bit):7.40982595860968
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:I796+qTY+rVj7rP0G3Vd3AbHAEv5+XBBWFVUUfkkVcya3Bu:I79bqk6nL987GBERc2h0u
                                                                                                                              MD5:915F2CE934FD4789216B91BF9C2609FD
                                                                                                                              SHA1:CB942F9E699D07F85A008E8131BB8A92A3974F87
                                                                                                                              SHA-256:135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
                                                                                                                              SHA-512:273A720A72EB1EF150B3EE33ED39DDF5356753EA09E23726B44223CE4CC2A13CA94AF6E08CB9CD84352A71EC8FA0D6E17B6FC51643E1D9D7A1DAB66B33695C01
                                                                                                                              Malicious:false
                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98058
                                                                                                                              Entropy (8bit):4.900587252762861
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:a9YdfmldiuWrWgqdCS20bxeJzjb7zhIoLW+yMbO4TYEXuVax8eAGsMKZV1t:2Yw2SdCS20eJzjb7zhIoLW9EO4Ts0RAf
                                                                                                                              MD5:D6F95D407E81BB24A26CEFCA943E6A26
                                                                                                                              SHA1:4CA7AD5039314FDB66905997857F5D3B9329CF35
                                                                                                                              SHA-256:6B70C646B90685E7396E64B22D16A6AF295B6F8984538D06DE4D32024C992A96
                                                                                                                              SHA-512:A2971ACCD3058166C16AF12E3E6D2987010DFDEE5DF68FFB8A9F0F230F90EE3CA20AFD3C70CEF76F51AB6AFB8C26D5E62C49B5F777A32EE6D2D46DA7B74E5395
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:..[Buttons]..Minimize=Minimizar..Close=Fechar..Exit=Sair..Help=Ajuda..StartScan=Iniciar An.lise..Cancel=Cancelar..Details=Detalhes..MoreInfo=Mais informa..es..Fix=Corrigir..SelectAll=Selecionar tudo..DeselectAll=Desmarcar tudo..SelectCustom=Selecionar personalizar..Scan=Varredura..Find=Localizar..Search=Procurar..Remove=Remover..Save=Guardar..AddItem=Adicionar item..RemoveItem=Remover item..RemoveItems=Remover itens..ClearAll=Eliminar tudo..Add=Adicionar..Edit=Editar..Delete=Excluir..Back=Voltar..Next=Pr.ximo..Refresh=Atualizar..CheckAll=Marcar tudo..UncheckAll=Desmarcar tudo..SaveClose=Salvar && Fechar..OK=OK..No=N.o..OkThanks=OK, obrigado..NoThanks=N.o, obrigado..Yes=Sim..Apply=Aplicar..Excluded=Exclu.do....[Actions]..Actions=A..es..Action1=In.cio..Action2=Limpar..Action3=Seguran.a..Action3Hint=Proteja seu computador e suas informa..es pessoais..Action4=Caixa de ferramentas..Action4Hint=As Ferramentas e Aplicativos ajudam voc. a gerenciar com seguran.a o computador..Ac
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):245
                                                                                                                              Entropy (8bit):4.2187986967942805
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:I6DRnGNKyZCvM30eDKyZTeToj5K4YIKZ8x:I6DRnGNT0EXZTekj5o9ZI
                                                                                                                              MD5:F64C612CF669E719DFABC162FBDD61E5
                                                                                                                              SHA1:A3018CAAD39AB800F8F7E5DF6B7DE136E873E5D6
                                                                                                                              SHA-256:A193F2EBA15CEF7FE439E4F0292AF90BD46EEE89730BD390E04C365F3E62DEB4
                                                                                                                              SHA-512:62922CE844B4B4285D6EB30B7515FC0F1C6552D5825AAA33D2D9CDC091D68CFD503C2D521BC3E26765DF0600652487532F9CE8AB788F9931BF1CDD7BD045CEC2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:google.com..gmail.com..youtube.com..aol.com..bing.com..yahoo.com..login.live..outlook.com..microsoft.com..twitter.com..facebook.com..instagram.com..linkedin.com..paypal.com..netflix.com..fatmedia.io..doubleclick.net..clarity.ms..pchelpsoft.com..
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):91793
                                                                                                                              Entropy (8bit):4.90143972057364
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:ZMdM9tnhz/0ZzBkRFxNr3fuvSF+Vh8JaAOUjnBD:PXp/UkRFxNjt+DhrU5
                                                                                                                              MD5:EFA73B8135E9046038538B20E93C9FA1
                                                                                                                              SHA1:11A2DA136E6BA914184A4AE4678923083FE9E6DA
                                                                                                                              SHA-256:129D94B7DD0166AB2AF827C53A4A065CC0AF2DE9812371084B46EC4F26CF3ED7
                                                                                                                              SHA-512:509CBC1C810FEC0FD6854D05EB92AE8DAAFC209F41D7BB501B2B4520A0B531C298B02ECAA9C5126ED81EFE0CF9F5E92E96898A5E86ABA031D3FFB8FB9A815010
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:..[Buttons]..Minimize=Minimer..Close=Luk..Exit=Afslut..Help=Hj.lp..StartScan=Start scanning..Cancel=Annuller..Details=Detaljer..MoreInfo=Flere oplysninger..Fix=Repar.r..SelectAll=Mark.r alt..DeselectAll=Frav.lg alle..SelectCustom=V.lg brugerdefineret..Scan=Scan..Find=Find..Search=S.g..Remove=Fjern..Save=Gem..AddItem=Tilf.j element..RemoveItem=Fjern element..RemoveItems=Fjern elementer..ClearAll=Ryd alle..Add=Tilf.j..Edit=Rediger..Delete=Slet..Back=Tilbage..Next=N.ste..Refresh=Opdat.r..CheckAll=Mark.r alle..UncheckAll=Fjern markering af alle..SaveClose=Gem og luk..OK=OK..No=Nej..OkThanks=Ok, tak..NoThanks=Nej tak..Yes=Ja..Apply=Anvend..Excluded=Udelukket....[Actions]..Actions=Handlinger..Action1=Hjem..Action2=Rens..Action3=Sikkerhed..Action3Hint=Beskyt din computer og dine private oplysninger..Action4=V.rkt.jskasse..Action4Hint=V.rkt.jer og programmer til at hj.lpe dig med sikkert at administrere din computer..Action5=Optim.r..Action5a=Optimering..Action5Hint=Tjek for m
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (465), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96348
                                                                                                                              Entropy (8bit):4.819954314950435
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:bj6v8nZN1+H8IQtdaMguaq/Dx63SAin3XZ1N5hWkUC7kBSXHc3x90B9sWAcv12X2:bj6v8Z6cIQtdaM4qySAin3XZ1N5hWkUo
                                                                                                                              MD5:1723BE45104CDAC92B84F99255F66D11
                                                                                                                              SHA1:C4100926DEA1E20BF89B91D8AF78C144C9D8CC1E
                                                                                                                              SHA-256:B176C4224DF8CCBC78AED40162DD7A86AE4F4C442F2DB7783C8BE977008D60EC
                                                                                                                              SHA-512:05ADDBBE027CF4E7203B89A011B1C44885D1FC4B3AB3229BA9299FC094BF77B9F27C80E3C931207B7B5FF3B5270806213EC95720EB8478A841A1FD7F87E0674E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:...[Buttons]..Minimize=Minimaliseren..Close=Sluiten..Exit=Afsluiten..Help=Help..StartScan=Scan starten..Cancel=Annuleren..Details=Details..MoreInfo=Meer informatie..Fix=Oplossen..SelectAll=Alles selecteren..DeselectAll=Alles deselecteren..SelectCustom=Selectie aanpassen..Scan=Scannen..Find=Zoeken..Search=Zoeken..Remove=Verwijderen..Save=Opslaan..AddItem=Item toevoegen..RemoveItem=Item verwijderen..RemoveItems=Items verwijderen..ClearAll=Alles wissen..Add=Toevoegen..Edit=Bewerken..Delete=Verwijderen..Back=Terug..Next=Volgende..Refresh=Vernieuwen..CheckAll=Alles inschakelen..UncheckAll=Alles uitschakelen..SaveClose=Opslaan && Sluiten..OK=OK..No=Nee..OkThanks=OK, bedankt..NoThanks=Nee, bedankt..Yes=Ja..Apply=Toepassen..Excluded=Uitgesloten....[Actions]..Actions=Acties..Action1=Home..Action2=Opruimen..Action3=Beveiliging..Action3Hint=Uw computer en persoonsgegevens beschermen..Action4=Gereedschapskist..Action4Hint=Hulpmiddelen en toepassingen om uw computer veilig te beheren..Action5=Opt
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):83750
                                                                                                                              Entropy (8bit):4.8644628536139995
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:vIuMCZO9ZAxZFhk/YnODFOKSXXW8EeOeO7NC5u8FzoNO44z4FaQxBWdseSeaVHEU:QwY0ZOGXu7NC5u8FziO+zxBvjEMr
                                                                                                                              MD5:C304408A360456B08D1FDF319166702D
                                                                                                                              SHA1:5B58C82FD4F316AED09BBDCAEB1A895AFC3F42DB
                                                                                                                              SHA-256:B6CCD92470726F0D35D0DC7A8F61DD0F17AC06C55550939351C49ACD2809E919
                                                                                                                              SHA-512:02CFBE75D6410CBB5484084176EF88FC1E4C5EC2CADF3EB871B14625B05770BC1D9AC0FF3022EDDDD312F7B603171BC963CD63623678AB4086265C4AA66C07E1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:..[Buttons]..Minimize=Minimize..Close=Close..Exit=Exit..Help=Help..StartScan=Start Scan..Cancel=Cancel..Details=Details..MoreInfo=More info..Fix=Fix..SelectAll=Select all..DeselectAll=Deselect all..SelectCustom=Select custom..Scan=Scan..Find=Find..Search=Search..Remove=Remove..Save=Save..AddItem=Add item..RemoveItem=Remove item..RemoveItems=Remove items..ClearAll=Clear all..Add=Add..Edit=Edit..Delete=Delete..Back=Back..Next=Next..Refresh=Refresh..CheckAll=Check all..UncheckAll=Uncheck all..SaveClose=Save && Close..OK=OK..No=No..OkThanks=OK, thanks..NoThanks=No, thanks..Yes=Yes..Apply=Apply..Excluded=Excluded....[Actions]..Actions=Actions..Action1=Home..Action2=Clean Up..Action3=Security..Action3Hint=Protect your computer and your personal information..Action4=Toolbox..Action4Hint=Tools and Applications to help you safely manage your computer..Action5=Optimize..Action5a=Optimization..Action5Hint=Check for ways to optimize your PC..Action6=Settings..Action6a=Program settings....[Messages
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (408), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):95521
                                                                                                                              Entropy (8bit):4.858845216734456
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:WcCHxbyYxDj1Uens4ssUVTDukUrtMOLLioJ8oBBN+zLeWJn3CviRxjw9qN2zwIhM:KxbyYx/1Uens4ssIukUrCOLLidMBszi8
                                                                                                                              MD5:32F8D94CF3326E223D0A3B572C22A069
                                                                                                                              SHA1:1FBB2CB20E4541FA189C85EF42742E5130ECDE0C
                                                                                                                              SHA-256:4B23102A29739E5A2A3B65A1AD1089FB5823B17ED97B4434CE33F576BB959FF6
                                                                                                                              SHA-512:6E0AD2A60E346C4FF6502404A833905AE2A5E179398CE17BA4D646BA8DFE3226186A153E21CF972AA8E120FA68ECA0A15AF697EDCC9AA14952911781B9A76E0F
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Pienenn...Close=Sulje..Exit=Lopeta..Help=Ohje..StartScan=Aloita skannaus..Cancel=Peruuta..Details=Yksityiskohdat..MoreInfo=Lis.tietoja..Fix=Korjaa..SelectAll=Valitse kaikki..DeselectAll=Poista kaikkien valinta..SelectCustom=Valitse arvot..Scan=Skannaus..Find=Etsi..Search=Hae..Remove=Poista..Save=Tallenna..AddItem=Lis.. kohde..RemoveItem=Poista kohde..RemoveItems=Poista kohteet..ClearAll=Tyhjenn. kaikki..Add=Lis....Edit=Muokkaa..Delete=Poista..Back=Takaisin..Next=Seuraava..Refresh=P.ivit...CheckAll=Valitse kaikki..UncheckAll=Poista kaikki valinnat..SaveClose=Tallenna && Sulje..OK=OK..No=Ei..OkThanks=OK, kiitos..NoThanks=Ei kiitos..Yes=Kyll...Apply=K.yt...Excluded=Poissuljettu....[Actions]..Actions=Toiminnat..Action1=Etusivu..Action2=Puhdista..Action3=Turvallisuus..Action3Hint=Suojele tietokonettasi ja henkil.tietojasi..Action4=Ty.kalupakki..Action4Hint=Ty.kaluja ja sovelluksia, joilla voit hallita turvallisesti tietokonettasi..Action5=Optimoi..Act
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (410), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):105033
                                                                                                                              Entropy (8bit):4.930457985874322
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:8OsRmsfzl4riKoixrScAHeaTfeg/W8gg840gh40n:GRmsfzlbSxrScAHeaTfeg/2g8ah40n
                                                                                                                              MD5:C7B4409CFB74F33FD2023F1D0B326292
                                                                                                                              SHA1:DADA60FF824367F5992BEEE40FEAF0CBF3366215
                                                                                                                              SHA-256:422D0E44CB3292492674DF1D07992483822F6BD035C082EDB8C4C57205D09FA9
                                                                                                                              SHA-512:F80B291D827F51CFA15847717B396191345F2FD3F6798ADF7A175005C068AA9493330728E51F2B5E2C4868CECA101ADF404B2FE6955E27B713D5B4265A48B49D
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=R.duire..Close=Fermer..Exit=Quitter..Help=Aide..StartScan=Lancer analyse..Cancel=Annuler..Details=D.tails..MoreInfo=Plus d.infos..Fix=Corriger..SelectAll=S.lectionner tout..DeselectAll=D.s.lectionner tout..SelectCustom=S.lection personnalis.e..Scan=Analyser..Find=Rechercher..Search=Recherche..Remove=Supprimer..Save=Enregistrer..AddItem=Ajouter .l.ment..RemoveItem=Supprimer .l.ment..RemoveItems=Supprimer .l.ments..ClearAll=Effacer tout..Add=Ajouter..Edit=Modifier..Delete=Supprimer..Back=Pr.c.dent..Next=Suivant..Refresh=Rafra.chir..CheckAll=Cocher tout..UncheckAll=D.cocher tout..SaveClose=Enregistrer et Fermer..OK=OK..No=Non..OkThanks=OK, merci..NoThanks=Non, merci..Yes=Oui..Apply=Appliquer..Excluded=Exclus....[Actions]..Actions=Actions..Action1=Accueil..Action2=Nettoyage..Action3=S.curit...Action3Hint=Prot.gez votre ordinateur et vos informations personnelles..Action4=Bo.te . outils..Action4Hint=Outils et applications pour vous aider . u
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):357381
                                                                                                                              Entropy (8bit):5.041504026663943
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:41LPwkFKOwigTWlekAVZrtZR+JZ+TSPLJ+C/YQICk5QTWuORT3R1bavX+9oMsv3o:8PwkFKuAVBtrwnJ+C/YOORzR5qF43T
                                                                                                                              MD5:1276E1DAB8F69BF8730FE2598059338C
                                                                                                                              SHA1:CD8E127E154DE44574AB9FE391338E8834EA4C9E
                                                                                                                              SHA-256:C21419FB42DFB8422AA07EBAFC1F68CE5BFA51032307F4AB1364BDE4AF91E2A3
                                                                                                                              SHA-512:B6BAB548BC2839BE718F2415AED940FE40A634E3710BF1B08AEE94A2A6F4E3AA255C7FB87A8A78CF47163CB70B4A50D754DE13643103C8C769E9469606076969
                                                                                                                              Malicious:false
                                                                                                                              Preview:Obnf$Qvcmjtifs$Wfstjpo$Ibti!JE$Sfdpnnfoe!up!Sfnpwf$Opu!po!Bqq!Tupsf$Ofhbujwf!Gffecbdl$Tfbsdi!Npofuj{bujpo$BqqFtuffn..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41392$kcmedpnggpknllkccmidfcfjdcodnkqg$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$fpdoopbdlpekbhecbpeeikclqkbcjnfe$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:5/2:/25:1:$plneloifkkjjdildqqpqqebloflkflpb$2$1$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41392$fpdoopbdlpekbhecbpeeikclqkbcjnfe$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$jpipqcnckgomdknngcghfemndfmcgkmj$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41398$mhgfigcopgjggmbeeodphgpcjnfbmplq$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$cnkcgnpgjfijhkidqbpcigpqofmboecp$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41799$jmnfiqnhpepjqffdjikccbdjfpoegbbi$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/295/28/46799$mhgfigcopgjggmbeeodphgpcjnfbmplq$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:1$ihbempeefnqnfnfjooqnigpqlmijbfei$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:1$cl
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (479), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102006
                                                                                                                              Entropy (8bit):4.957828326544856
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:KIuRY5Ov7Ii/sPsNf8a9GnhkmVTLdsPdjjNOzAKH7oVkZQpxacNqbVTXZI2FQe0n:Huue7IcsUEKGnxdsPlYHul6Vqyj6z
                                                                                                                              MD5:54C515BFCA3BE851C5BA289D8B2EF2E4
                                                                                                                              SHA1:33115AC708C444FB0B974838A22D19CD2273E960
                                                                                                                              SHA-256:BE36EF613BD8E7746E00573F7DDB24D551BBEB4EF1E75125CC92893870269623
                                                                                                                              SHA-512:E88B70CBCBBC866CBEF795A1EAE7349986C3DC88C05F944A95EAE75752B54861FF6FE949D059BD532EB0EE0E85E5B6A95FF47DD4655B5F8C1AF83E6B5EDEEB01
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimieren..Close=Schlie.en..Exit=Beenden..Help=Hilfe..StartScan=Pr.fung starten..Cancel=Abbrechen..Details=Details..MoreInfo=Mehr Info..Fix=Beheben..SelectAll=Alles markieren..DeselectAll=Nichts markieren..SelectCustom=Benutzerdefinierte Auswahl..Scan=Pr.fen..Find=In den Ergebnissen finden:..Search=Suchen..Remove=Entfernen..Save=Speichern..AddItem=Hinzuf.gen..RemoveItem=Entfernen..RemoveItems=Elemente entfernen..ClearAll=Alles entfernen..Add=Hinzuf.gen..Edit=Bearbeiten..Delete=L.schen..Back=Zur.ck..Next=Weiter..Refresh=Aktualisieren..CheckAll=Alles markieren..UncheckAll=Nichts markieren..SaveClose=Speichern und Schlie.en..OK=OK..No=Nein..OkThanks=OK, danke..NoThanks=Jetzt nicht..Yes=Ja..Apply=.bernehmen..Excluded=Ausgeschlossen....[Actions]..Actions=Aktionen..Action1=Start..Action2=S.ubern..Action3=Sicherheit..Action3Hint=Computer und pers.nliche Daten sch.tzen..Action4=Toolbox..Action4Hint=Tools und Anwendungen zur sicheren Verwaltung des Computer
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://www.pchelpsoft.com/>), ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):53
                                                                                                                              Entropy (8bit):4.502718624949096
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:HRAbABGQYm2frSLf0Gyn:HRYFVm4GLryn
                                                                                                                              MD5:B02B6C7633D3E401211E70183F832CFA
                                                                                                                              SHA1:D964AA34AA5E6D862433DAF7DEEBCF891F34EE91
                                                                                                                              SHA-256:EB27035842086FB45A23697824FC6E34C7C5B4947A39C28BDDAA0CE102F68337
                                                                                                                              SHA-512:260CC0DC38A1E904667BEDFDA93D705444038EBC38E5F3B21E9B7BDFD746D4C236C1317C39761971CD4709F1F11BC8F4C26BCD4645DEC3189EBF96C9AFC6AB1B
                                                                                                                              Malicious:false
                                                                                                                              Preview:[InternetShortcut]..URL=https://www.pchelpsoft.com/..
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1050
                                                                                                                              Entropy (8bit):4.544556686156469
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:KqxHibUFGQSU6ifMyQW6wGtTwpTdTiToZT+T6rLTA:KqxHI4l2woTcTdTiTUT+T6rLTA
                                                                                                                              MD5:82B0C12AFC82BB2CE9FE25055032012A
                                                                                                                              SHA1:C1686583E644F810495B49FFDDE585AB53F5AE1E
                                                                                                                              SHA-256:C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
                                                                                                                              SHA-512:EA825B3E8D3877E94FE3F6D14026E9C45F4F4B4CFF7FDDA7E935A23456289D8891D234AD0E72A04ACED9D0A79610C94C270CC073E82FA2564FAC41551C95684B
                                                                                                                              Malicious:false
                                                                                                                              Preview:bhsffnfou>Bhsffnfout..bhsffnfout>Bhsffnfout..cfofgjdjbsjft>Bhsffnfout..cfofgjdjbsz>Bhsffnfout..dpousbdut>Bhsffnfout..dpousbdu>Bhsffnfout..dpogjefoujbm>Bhsffnfout..mbtu!xjmm!boe!uftubnfou>Bhsffnfout..mbtu!xjmm>Bhsffnfout..cboljoh>Gjobodjbm..cbolt>Gjobodjbm..cbol>Gjobodjbm..cvehfufe>Gjobodjbm..cvehfut>Gjobodjbm..cvehfu>Gjobodjbm..efcut>Gjobodjbm..efcu>Gjobodjbm..gvoe>Gjobodjbm..qbzdifdlt>Gjobodjbm..qbzdifdl>Gjobodjbm..ubyft>Gjobodjbm..uby>Gjobodjbm..dsfeju!dbset>Gjobodjbm..dsfeju!dbse>Gjobodjbm..ejsfdu!efqptjut>Gjobodjbm..ejsfdu!efqptju>Gjobodjbm..OOOO.OOOO.OOOO.OOOO>Gjobodjbm..OOOO!OOOO!OOOO!OOOO>Gjobodjbm..OOOO!OOOOOO!OOOOO>Gjobodjbm..OOOO.OOOOOO.OOOOO>Gjobodjbm..OOO.OO.OOOO>Gjobodjbm..OOO!OO!OOOO>Gjobodjbm..21:6.b>Gjobodjbm..2151>Gjobodjbm..21::>Gjobodjbm..21:9>Gjobodjbm..x.5>Gjobodjbm..x.3>Gjobodjbm..l.2>Gjobodjbm..x5>Gjobodjbm..x3>Gjobodjbm..l2>Gjobodjbm..qbttxpset>QfstpobmJEt..qbttxpse>QfstpobmJEt..tpdjbm!tfdvsjuz>QfstpobmJEt..tto>QfstpobmJEt..esjwfs!mjdfotft>QfstpobmJEt..esjwfs!mj
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96723
                                                                                                                              Entropy (8bit):4.750419032324512
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:HQawOWr9tSlBvlELHD0yOlFEsLTkouRNTwgs//Yulvx8jFmtVT2SiztAfT/iKEn:HQawOWriplELHDzOlFEsLTko6NTw9/1C
                                                                                                                              MD5:F8C18A2BFC5DC086860720BF04738887
                                                                                                                              SHA1:005AE69894FA519AF628CB5A13A0FEAA4F119885
                                                                                                                              SHA-256:FAFBAD18C2E6662179174592667B90EF4C250180BC692F28C82D95EE15F00F4B
                                                                                                                              SHA-512:C2FFD75B0BA9D1900F769E14D05DFFED680A02B1D7CC4902F275CDABE675A618CE094B0A7C067893CBFEBB9A2516790A2C827537C193D61327C2353D38A89FB2
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Riduci a icona..Close=Chiudi..Exit=Esci..Help=?..StartScan=Avvia analisi..Cancel=Annulla..Details=Dettagli..MoreInfo=Ulteriori informazioni..Fix=Correggi..SelectAll=Seleziona tutto..DeselectAll=Deseleziona tutto..SelectCustom=Seleziona personalizzato..Scan=Analizza..Find=Trova nei risultati:..Search=Trova..Remove=Rimuovi..Save=Salva..AddItem=Aggiungi voce..RemoveItem=Rimuovi voce..RemoveItems=Rimuovi voci..ClearAll=Cancella tutto..Add=Aggiungi..Edit=Modifica..Delete=Cancella..Back=Indietro..Next=Avanti..Refresh=Aggiorna..CheckAll=Seleziona tutto..UncheckAll=Deseleziona tutto..SaveClose=Salva e Chiudi..OK=OK..No=No..OkThanks=OK, grazie..NoThanks=No grazie..Yes=S...Apply=Applica..Excluded=Escluso....[Actions]..Actions=Azioni..Action1=Home..Action2=Pulizia..Action3=Sicurezza..Action3Hint=Proteggere il computer e le informazioni personali..Action4=Casella strumenti..Action4Hint=Strumenti e applicazioni per agevolare la gestione in sicurezza del computer..Action5=O
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):120532
                                                                                                                              Entropy (8bit):5.4969391087049155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:jfSuH2hSjL2UtPs3lM2hvSnBtS6DljVlP+2I9MxgsmkCrmkAYmooIw94:jfSuH2hW28seNjtjVlP+2I99kCrmdIwa
                                                                                                                              MD5:DA25BD216C22695F2EABEE6725E5BB25
                                                                                                                              SHA1:424E75FDB1EE19782318EC0D7587A88912768EE4
                                                                                                                              SHA-256:D7CD804A5367C063FC3F8BF90CA07155E514E17542F16FC308AB035A41BF136D
                                                                                                                              SHA-512:F8302C877A6B669AAB88498DE6BDE4F84614EA12E2066B7FFC0CE2CEE300B33D2B5543EEB812E4B02683FE3E067A698473F72B74294463F09EE8946BCFBF0EBC
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=.........Close=...(C)..Exit=..(X)..Help=...(H)..StartScan=........Cancel=.......Details=....MoreInfo=........Fix=....SelectAll=.......DeselectAll=.........SelectCustom=.........Scan=......Find=....Search=....Remove=....Save=....AddItem=.......RemoveItem=.......RemoveItems=.......ClearAll=........Add=....Edit=..(E)..Delete=....Back=....Next=............Refresh=....CheckAll=.........UncheckAll=...........SaveClose=.........OK=OK..No=.....OkThanks=OK.............NoThanks=......Yes=....Apply=....Excluded=........[Actions]..Actions=....Action1=.....Action2=.........Action3=........Action3Hint=..........
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (382), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90299
                                                                                                                              Entropy (8bit):4.887943066768034
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:EqrcN8h8qoKm58LcM2+IUmSNwzjiYgG504YEnhJ0mxEAszmQAwNq:EAYs8qoKmmLcM2+IUML5VHhJ0mxE5maI
                                                                                                                              MD5:FC72152FEDF9A71D59261027DDD0C366
                                                                                                                              SHA1:ABA64C932CDC079715791495105358D405994AAB
                                                                                                                              SHA-256:999B9B065071B4428E07CFEA82B847588C0A06B2E307256537C355AB0710A36D
                                                                                                                              SHA-512:DBF913A946704B9F465D467C52BEE05719D380F00AAB6030224ACA1534DD89A0F68A71746F0EBDCC99CEEFD880399053A216CE06A42DBB313B119DEF8F27F6DF
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimer..Close=Lukk..Exit=Avslutt..Help=Hjelp..StartScan=Start skanning..Cancel=Avbryt..Details=Detaljer..MoreInfo=Mer info..Fix=Reparer..SelectAll=Merk alt..DeselectAll=Fjern all merking..SelectCustom=Velg tilpasset..Scan=Skanne..Find=Finn..Search=S.k..Remove=Fjern..Save=Lagre..AddItem=Legg til element..RemoveItem=Fjern element..RemoveItems=Fjern elementer..ClearAll=Fjern alle..Add=Legg til..Edit=Rediger..Delete=Slett..Back=Tilbake..Next=Neste..Refresh=Oppdater..CheckAll=Merk av alle..UncheckAll=Fjern avmerking p. alle..SaveClose=Lagre og lukk..OK=OK..No=Nei..OkThanks=OK, takk..NoThanks=Nei takk..Yes=Ja..Apply=Bruk..Excluded=Ekskludert....[Actions]..Actions=Handlinger..Action1=Hjem..Action2=Rens..Action3=Sikkerhet..Action3Hint=Beskytt datamaskinen og din personlige informasjon..Action4=Verkt.ykasse..Action4Hint=Verkt.y og programmer som hjelper deg med trygg administrering av datamaskinen..Action5=Optimer..Action5a=Optimering..Action5Hint=Se etter m.ter .
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5092712
                                                                                                                              Entropy (8bit):6.674014917618654
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:2DFTjRq/SOxAS5hYcJ4A5PGxlU3R1HlpF1EhyOiFdx1sYlaTl8+cO:2DNFqJ5+xlWR1HZWyOiN1QXz
                                                                                                                              MD5:FFCD8953CCB602777CE77EF08F6368C7
                                                                                                                              SHA1:5B09ED4D4409D55BB6C96B820610D69C6CB41D38
                                                                                                                              SHA-256:42A13260527EA1E944791C267095B3558438020F6B16FC639222FA4ABFE5905B
                                                                                                                              SHA-512:693D83399C5EC7F0063C412156A7899AEBDF71B40E62565E4E0704CF95E185C96FC7E173E93E2B4440D05C9F351EE9AF6E2A2B7D9705D73965F39B7520A12C87
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10560360
                                                                                                                              Entropy (8bit):6.73903100760208
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:/OGHyihNP+DsNCs32tmV+sKv53MtrGlwylZ80J8KSBbJXcNUIgE:xHyMe22QOBcCmylZT8Kq+NxH
                                                                                                                              MD5:F5AEC68E32818A9A647615FDA4414B65
                                                                                                                              SHA1:BEB46158B2679D1D92E7C49DDE8D5AB43A214602
                                                                                                                              SHA-256:ABBAF8B76DD9336EDE5E24FB8B8237B151166C5F4DA361FBFD032A25F1B295AF
                                                                                                                              SHA-512:DD6A54F1C9B0BEF58B5C6DF07DBDA86E359D47C83B411EF9EC2A6D4A8C0CB40B61AD80813FC7E7B8818026B4744F645E7DE5215F3606B8B9C1C625EA8FFA0828
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):257048
                                                                                                                              Entropy (8bit):5.729080570630172
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:b29aigIheEW31K5okfdGDNxDzcDzCtXOHnfn7Ej/j1+4uEJxiOq:q9JgQI1A6FcDKj/j1+4uEPy
                                                                                                                              MD5:D0DF412916EEFADA68E7906FCDF3B276
                                                                                                                              SHA1:4243522286AC5DC7ED3B199CCE905F8E1507EC5A
                                                                                                                              SHA-256:730416D01A0B595BA603A12CA741FAE0BC45B90E5B63C3B23C74195EAEB6A6F7
                                                                                                                              SHA-512:E1D494BACBEAEE084B760CE258E06FE24C2E685543DB0C5802031B8981F05CEA711B2F6F57E5E04651D66568DEEF3C0A2013BE171705427B00DE7E7B10607ECD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):983608
                                                                                                                              Entropy (8bit):6.738020744892371
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:lLmp4GqU+az1Y3E6URUONbnLsiTGUE23CeTrBA8bpd7RRzS6gp/f:lLmMUFYeRUQ9CeTrBA8bpd7RRzS6gp/f
                                                                                                                              MD5:11A813C0972B740937D3A7E2DAF9FFCB
                                                                                                                              SHA1:4245B5A3C97F725C56A29D745767EDEBB5E3F15D
                                                                                                                              SHA-256:3F933BCED2D9F65D48F7C48715BF286FD431341A74E1CE15D39B7C4C96603CF9
                                                                                                                              SHA-512:9A590DCAB0CF7051D04743736EA7A6B74FA0F87539580CC41A58AD33A76574201E7B6D54D5100CBCD262266BC55B053243EDD4860A2D43DEEB1C164395E4A941
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (456), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100922
                                                                                                                              Entropy (8bit):5.224168864114355
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:cJddFe2KY3HUFKkib/sacRiF+iWUXBHZi:vY3HUFKkib/sakiFrJXBHZi
                                                                                                                              MD5:2E82A327D2DA7F810F3D25AE02EB9B4F
                                                                                                                              SHA1:55903A18F8EEF320AEA8FE93547FB217244DA8D7
                                                                                                                              SHA-256:E7D47C0F54644A48493421075F5B17C53BF3302565B8178E60F64A2393F7145C
                                                                                                                              SHA-512:1BFA12E50D859639D975D2AC390C8CBCCACD080D6083BE5BB5744219A8F114A6FAF277F3511AAF3C6F36CD4EF5F706732832F4FF49D7AC060BB4055C2BFA87A5
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Zmniejsz..Close=Zamknij..Exit=Zako.cz..Help=Pomoc..StartScan=Skanuj..Cancel=Anuluj..Details=Szczeg..y..MoreInfo=Wi.cej informacji..Fix=Napraw..SelectAll=Zaznacz wszystko..DeselectAll=Odznacz wszystko..SelectCustom=Wyb.r w.asny..Scan=Skanuj..Find=Znaleziono w wynikach:..Search=Wyszukaj..Remove=Usu...Save=Zapisz..AddItem=Dodaj element..RemoveItem=Usu. element..RemoveItems=Usu. elementy..ClearAll=Wyczy.. wszystko..Add=Dodaj..Edit=Edytuj..Delete=Usu...Back=Wstecz..Next=Dalej..Refresh=Od.wie...CheckAll=Zaznacz wszystkie..UncheckAll=Odznacz wszystkie..SaveClose=Zapisz i zamknij..OK=OK..No=Nie..OkThanks=Ok, dzi.kuj...NoThanks=Nie, dzi.kuj...Yes=Tak..Apply=Zastosuj..Excluded=Wykluczone....[Actions]..Actions=Dzia.ania..Action1=Strona g..wna..Action2=Wyczy....Action3=Bezpiecze.stwo..Action3Hint=Chro. sw.j komputer i.osobiste dane..Action4=Narz.dzia..Action4Hint=Narz.dzia i.aplikacje pomagaj.ce bezpiecznie zarz.dza. komputerem..Action5=Opt
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (413), with CRLF, CR line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100205
                                                                                                                              Entropy (8bit):4.890898331675673
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:DVEQwJ76plyVTJrMDl6XBe7+Izgu1GT+yM+Qk/RZkR+Zltiu2S3mdk:D+Kmfryl6Czgu1GTZfZky3iu2O
                                                                                                                              MD5:115F06B8A4042B8E9D7EFD52007143C0
                                                                                                                              SHA1:BC6B211AF256C98E011586D6B011B1C6EDFA33D8
                                                                                                                              SHA-256:B98B5B516C8157A800AD4CD8F24741CB4A2683E93280551C4481FC7C2AC4BEC4
                                                                                                                              SHA-512:0858495C9322506D5DB53D47D456E4A6577CB8F3ADC6709B1AC4D6E7A6402DDFEF6697524872A835E1B07A30F91DFE67ED2A54EFB4735C45A256C5214BDF0529
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimizar..Close=Fechar..Exit=Sair..Help=Ajuda..StartScan=Iniciar An.lise..Cancel=Cancelar..Details=Detalhes..MoreInfo=Mais informa..es..Fix=Corrigir..SelectAll=Selecionar tudo..DeselectAll=Desmarcar todos..SelectCustom=Selecionar personalizado..Scan=Varredura..Find=Localizar..Search=Procurar..Remove=Remover..Save=Guardar..AddItem=Adicionar iten..RemoveItem=Remover iten..RemoveItems=Remover itens..ClearAll=Eliminar todos..Add=Adicionar..Edit=Editar..Delete=Excluir..Back=Voltar..Next=Seguinte..Refresh=Atualizar..CheckAll=Marcar todos..UncheckAll=Desmarcar todos..SaveClose=Guardar e fechar..OK=OK..No=N.o..OkThanks=OK, obrigado..NoThanks=N.o, obrigado..Yes=Sim..Apply=Aplicar..Excluded=Exclu.do(s)....[Actions]..Actions=A..es..Action1=In.cio..Action2=Limpar..Action3=Seguran.a..Action3Hint=Proteja o seu computador e as suas informa..es pessoais..Action4=Caixa de ferramentas..Action4Hint=Ferramentas e Aplica..es para ajud.-lo a gerir com seguran.a o se
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (357), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):145442
                                                                                                                              Entropy (8bit):4.738314708060596
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:jwV6zC6xb6c5hbZvZbC66HDpj7bQ1/ghLz8Ui6kUQFNTr6POD/fBE3xQ7bsesHCV:jBC6xb6c5hbZvZQHDpj701/yLzLi6kUo
                                                                                                                              MD5:C98CAAADD39DBA1E092B5B9BA4EE430A
                                                                                                                              SHA1:D0CC8AABA7FFD3CA45D14BEF37D2F98984A45869
                                                                                                                              SHA-256:C94E94C79632B1843E040EA24A3FF94A77A57301C450C8E9B589715E633011FE
                                                                                                                              SHA-512:F89A9FDAF04B7317E817DD6C50E10AA4B365FBEC3013DC11876757B6C08B4D5A85BA57A8DDD764CB1B4399D44F10786567C8FA1D3226549ADCD7499B40B52A1A
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=..........Close=.........Exit=.......Help=........StartScan=.............Cancel=........Details=...........MoreInfo=...........Fix=...........SelectAll=........ .....DeselectAll=..... .........SelectCustom=...........Scan=.............Find=.......Search=.......Remove=.........Save=...........AddItem=..........RemoveItem=.........RemoveItems=.........ClearAll=........ .....Add=..........Edit=...............Delete=.........Back=...........Next=.......Refresh=..........CheckAll=........ .....UncheckAll=..... .........SaveClose=.... && .........OK=OK..No=.....OkThanks=.., .........NoThanks=..., .........Yes=....Apply=...........Excluded=Excluded....[Actions]..Actions=.......
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 3, database pages 1069, cookie 0x18, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1094656
                                                                                                                              Entropy (8bit):6.128977552298963
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:SQLite format 3......@ .......-...atablestartupstartup.CREATE TABLE startup (id integer PRIMARY KEY, file varchar(40), title varchar(40),
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Non-ISO extended-ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):79132
                                                                                                                              Entropy (8bit):4.9883854846897835
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:\BWQsphsbnt^..XJOEPXTEFGFOEFS>Njdsptpgu!nbmxbsf!qspufdujpo!jodmvefe!xjui!boe!cvjmu!joup!Xjoepxt!tubsujoh!xjui!Xjoepxt!9/!Uijt!tpguxbsf!ifmqt!jefoujgz!boe!sfnpwf!wjsvtft-!tqzxbsf!boe!puifs!nbmjdjpvt!tpguxbsf/..BWBTU>Qbsu!pg!Bwbtu!boujwjsvt!qsphsbn/!Ju!jt!jnqpsubou!up!lffq!bdujwf!up!fotvsf!uibu!zpvs!boujwjsvt!jt!bmxbzt!vq!up!ebuf/..BWBTU6>Tztufn!Usbz!Jdpo!gps!Bwbtu!Boujwjsvt!6/!Ju!jt!jnqpsubou!up!mfbwf!uijt!bdujwf!bu!tubsuvq!up!fotvsf!uibu!zpvs!boujwjsvt!jt!bmxbzt!vq!up!ebuf..BWBTU">Qbsu!pg!uif!Bwbtu"!boujwjsvt!tpguxbsf/!Tztufn!usbz!bddftt!up!boe!opujgjdbujpot!gps!uif!wfstjpo!6!boe!7!tfsjft!pg!boujwjsvt!boe!joufsofu!tfdvsjuz!qspevdut/..BWHOU>Tztufn!Usbz!Opujgjfs!gps!Bwjsb!BoujWjs!boujwjsvt!qspevdut/!Mfbwf!bdujwf!jo!zpvs!tubsuvq!nfov!up!fotvsf!zpvs!boujwjsvt!jt!bmxbzt!vq!up!ebuf!boe!uibu!zpv!sfdfjwf!opujgjdbujpot!pg!boz!qspcmfnt/..BWH`USBZ>Tztufn!Usbz!bddftt!gps!BWH!bojujwjsvt!qspevdut/!Mfbwf!bdujwf!jo!zpvs!tubsuvq!nfov!up!fotvsf!uibu!zpvs!boujwjsvt!jt!bmxbzt!vq!up!ebuf!boe!uibu!zpv!sfdfj
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6591
                                                                                                                              Entropy (8bit):4.880107756921406
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:[Tasks]..Adobe Acrobat Update Task=Adobe Acrobat Update Task. You can disable this task...Adobe Flash Player PPAPI Notifier=Task of Adobe Flash Player. You can disable this...Adobe Flash Player Updater=Adobe Flash Player Updater. You can disable this task...AdobeAAMUpdater=Updater of Adobe products. This program does not need to automatically start. ..Antivirus Emergency Update=Part of an AVG automatic update. Keep it enabled...AppleSoftwareUpdate=Apple Software Update. If you do not use Apple products on Windows, this service can be disabled...ASC11_PerformanceMonitor=Advanced SystemCare Monitor from IObit. You can disable this task...AtomicAlarmClock=Launch Atomic Alarm Clock. If you do not use this product, this service can be disabled...Auslogics=Task of one from Auslogics products. You can disable this task...Avast settings backup=Task of Avast antivirus. Keep it enabled...AVG EUpdate Task=Task of antivirus AVG. Keep it enabled...Asus AISuite=Part of Asus AI Suite. Keep it enabled
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3317
                                                                                                                              Entropy (8bit):4.908513539175229
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:WwanSvc..wudfsvc..wuauserv..WSService..WSearch..wscsvc..WPDBusEnum..WPCSvc..WMPNetworkSvc..wmiApSrv..wlidsvc..WlanSvc..WinRM..Winmgmt..WinHttpAutoProxySvc..WinDefend..WiaRpc..WerSvc..wercplsupport..Wecsvc..WebClient..WdiSystemHost..WdiServiceHost..WcsPlugInService..wcncsvc..Wcmsvc..WbioSrvc..wbengine..W32Time..VSS..vmicvss..vmictimesync..vmicshutdown..vmicrdv..vmickvpexchange..vmicheartbeat..vds..VaultSvc..upnphost..UmRdpService..UI0Detect..TrustedInstaller..TrkWks..TimeBroker..THREADORDER..Themes..TermService..TapiSrv..TabletInputService..SystemEventsBroker..SysMain..swprv..svsvc..StorSvc..stisvc..SstpSvc..SSDPSRV..sppsvc..Spooler..SNMPTRAP..ShellHWDetection..SharedAccess..SessionEnv..SensrSvc..SENS..seclogon..SDRSVC..SCPolicySvc..Schedule..SCardSvr..SamSs..RpcSs..RpcLocator..RpcEptMapper..RemoteRegistry..RemoteAccess..RasMan..RasAuto..QWAVE..ProfSvc..PrintNotify..Power..PolicyAgent..PNRPsvc..PNRPAutoReg..PlugPlay..pla..PerfHost..PeerDistSvc..PcaSvc..p2psvc..p2pimsvc..nsi..NlaSvc..Net
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14579
                                                                                                                              Entropy (8bit):4.841093110997302
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:[Services]..ACDaemon=ArcSoft Connection Service..Adguard Service=Part of AdGuard product, it blocks ads and dangerous websites. If you use ADGuard keep it enabled...AdobeARMservice=Adobe Acrobat Update Service. This service is not required to start automatically as it can be run manually when needed...Adobe LM service=Adobe Licensing Service. If you do not uses Adobe products, this service can be disabled...AdobeFlashPlayerUpdateSvc=Adobe Flash Player Update Service. This service is not required to start automatically as it can be run manually when needed...AdvancedSystemCareService11=Advanced SystemCare Service. This service is not required to start automatically as it can be run manually when needed...AMD External Events Utility=AMD External Events Utility...AMPPALR3=Intel Wireless Bluetooth Service. Keep enabled. ..AnviCsbSvc=Anvisoft Cloud System Booster Service. AnviCsbSvc is not essential for the Windows OS and can be disabled...Apple Mobile Device=Apple Mobile Device Service. Pa
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4351
                                                                                                                              Entropy (8bit):4.401618076790458
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:abc.es..actualidad.rt.com..ad.nl..adaware.com..alibaba.com..allrecipes.com..apost.com..apps.facebook.com..ar.pinterest.com..as.com..asahi.com..assure.ameli.fr..atrapalo.com..atrapalo.com.ar..aujardin.info..auto-doc.fr..auto-doc.it..auto-motor-und-sport.de..autodoc.de..autodoc.es..autoparti.it..badoo.com..banggood.com..bestday.com.ar..bilibili.com..blog.giallozafferano.it..bolavip.com..bonial.fr..book.lufthansa.com..boxil.jp..br.pinterest.com..brigitte.de..businessinsider.de..calendar.google.com..canaltech.com.br..case.trovit.it..cbssports.com..chinatimes.com..cnet.com..comingsoon.it..commonhealth.com.tw..computerbild.de..conforama.fr..consoglobe.com..cronica.com.ar..cw.com.tw..dafiti.com.br..daily.co.jp..dailymail.co.uk..derwesten.de..diariosur.es..digitaltrends.com..dn.pt..donnamoderna.com..dresslily.com..drive.google.com..duo.google.com..duolingo.com..ecologiaverde.com..economia.uol.com.br..elcorreo.com..elindependiente.com..ellitoral.com..elperiodico.com..endesaclientes.com..erecipe
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (404), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):101165
                                                                                                                              Entropy (8bit):4.807129084859234
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimizar..Close=Cerrar..Exit=Salir..Help=Ayuda..StartScan=Iniciar an.lisis..Cancel=Cancelar..Details=Detalles..MoreInfo=M.s informaci.n..Fix=Corregir..SelectAll=Seleccionar todo..DeselectAll=Desmarcar todo..SelectCustom=Selecci.n personalizada..Scan=Esc.ner..Find=Encontrar..Search=Buscar..Remove=Quitar..Save=Guardar..AddItem=A.adir elemento..RemoveItem=Quitar elemento..RemoveItems=Quitar elementos..ClearAll=Borrar todo..Add=A.adir..Edit=Editar..Delete=Eliminar..Back=Atr.s..Next=Siguiente..Refresh=Actualizar..CheckAll=Marcar todo..UncheckAll=Desmarcar todo..SaveClose=Guardar y cerrar..OK=Aceptar..No=No..OkThanks=Aceptar, gracias..NoThanks=No, gracias..Yes=S...Apply=Aplicar..Excluded=Excluido....[Actions]..Actions=Acciones..Action1=Inicio..Action2=Limpiar..Action3=Seguridad..Action3Hint=Proteja su ordenador y su informaci.n personal..Action4=Caja de herramientas..Action4Hint=Herramientas y aplicaciones que le ayudaran a administrar de forma segura el o
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (388), with CRLF, CR line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):92056
                                                                                                                              Entropy (8bit):4.963194074571659
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimera..Close=St.ng..Exit=Avsluta..Help=Hj.lp..StartScan=Starta skanning..Cancel=Avbryt..Details=Detaljer..MoreInfo=Mer information..Fix=.tg.rda..SelectAll=Markera allt..DeselectAll=Avmarkera alla..SelectCustom=Markera anpassad..Scan=Genoms.kning..Find=Hitta..Search=S.k..Remove=Ta bort..Save=Spara..AddItem=L.gg till objekt..RemoveItem=Ta bort objekt..RemoveItems=Ta bort objekt..ClearAll=Radera alla..Add=L.gg till..Edit=Redigera..Delete=Ta bort..Back=Tillbaka..Next=N.sta..Refresh=Uppdatera..CheckAll=Markera alla..UncheckAll=Avmarkera alla..SaveClose=Spara och st.ng..OK=OK..No=Nej..OkThanks=OK, tack..NoThanks=Nej tack..Yes=Ja..Apply=Till.mpa..Excluded=Exkluderade....[Actions]..Actions=.tg.rder..Action1=Hem..Action2=Rensa..Action3=S.kerhet..Action3Hint=Skydda din dator och din personliga information..Action4=Verktygsl.da..Action4Hint=Verktyg och program som kan hj.lpa dig att hantera din dator s.kert..Action5=Optimera..Action5a=Optimering..Actio
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (424), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100259
                                                                                                                              Entropy (8bit):5.116644952528434
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=K...ltmek..Close=Kapat..Exit=..k....Help=Yard.m..StartScan=Tarama Ba.lat..Cancel=.ptal..Details=Ayr.nt.lar..MoreInfo=Daha fazla bilgi..Fix=D.zelt..SelectAll=T.m.n. se...DeselectAll=T.m.n.n se.imini kald.r..SelectCustom=.zel olarak se...Scan=Tara..Find=Bul..Search=Ara..Remove=Kald.r..Save=Kaydet..AddItem=..e ekle..RemoveItem=..e kald.r..RemoveItems=..eleri kald.r..ClearAll=T.m.n. temizle..Add=Ekle..Edit=D.zen..Delete=Sil..Back=Geri..Next=.leri..Refresh=Yenile..CheckAll=T.m.n. i.aretle..UncheckAll=T.m.n.n i.aretini kald.r..SaveClose=Kaydet ve Kapat..OK=Tamam..No=Hay.r..OkThanks=Tamam, te.ekk.rler..NoThanks=Hay.r, te.ekk.rler..Yes=Evet..Apply=Uygula..Excluded=Hari. tutuldu....[Actions]..Actions=Eylemler..Action1=Ana Sayfa..Action2=Temizle..Action3=G.venlik..Action3Hint=Bilgisayar.n.z. ve ki.isel bilgilerinizi koruyun..Action4=Ara. Kutusu..Action4Hint=Bilgisayar.n.z. g.venli .ekilde y.netmenize yard.
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):870912
                                                                                                                              Entropy (8bit):6.540580612211194
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4fZ.>.........!.........2.....................a.......................................... .........................[.... ..0....P...................2...`...0...........................@.......................!...............................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..[........ ..................@.0@.idata..0.... ......................@.0..CRT....,....0......................@.0..tls.... ....@......................@.0..rsrc........P......................@.0..reloc...0...`...2..................@.0B/4...................8..............@.@B/19.................<..............@..B/31..........P......................@..B/45..........p......................@..B/57.................................@.0B/70.....i...............
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):357381
                                                                                                                              Entropy (8bit):5.041504026663943
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:41LPwkFKOwigTWlekAVZrtZR+JZ+TSPLJ+C/YQICk5QTWuORT3R1bavX+9oMsv3o:8PwkFKuAVBtrwnJ+C/YOORzR5qF43T
                                                                                                                              MD5:1276E1DAB8F69BF8730FE2598059338C
                                                                                                                              SHA1:CD8E127E154DE44574AB9FE391338E8834EA4C9E
                                                                                                                              SHA-256:C21419FB42DFB8422AA07EBAFC1F68CE5BFA51032307F4AB1364BDE4AF91E2A3
                                                                                                                              SHA-512:B6BAB548BC2839BE718F2415AED940FE40A634E3710BF1B08AEE94A2A6F4E3AA255C7FB87A8A78CF47163CB70B4A50D754DE13643103C8C769E9469606076969
                                                                                                                              Malicious:false
                                                                                                                              Preview:Obnf$Qvcmjtifs$Wfstjpo$Ibti!JE$Sfdpnnfoe!up!Sfnpwf$Opu!po!Bqq!Tupsf$Ofhbujwf!Gffecbdl$Tfbsdi!Npofuj{bujpo$BqqFtuffn..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41392$kcmedpnggpknllkccmidfcfjdcodnkqg$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$fpdoopbdlpekbhecbpeeikclqkbcjnfe$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:5/2:/25:1:$plneloifkkjjdildqqpqqebloflkflpb$2$1$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41392$fpdoopbdlpekbhecbpeeikclqkbcjnfe$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$jpipqcnckgomdknngcghfemndfmcgkmj$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41398$mhgfigcopgjggmbeeodphgpcjnfbmplq$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:2$cnkcgnpgjfijhkidqbpcigpqofmboecp$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/29:/29/41799$jmnfiqnhpepjqffdjikccbdjfpoegbbi$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/295/28/46799$mhgfigcopgjggmbeeodphgpcjnfbmplq$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:1$ihbempeefnqnfnfjooqnigpqlmijbfei$2$2$2$2$..Tfbsdi!Fyufotjpo!cz!Btl$$61/2:2/29/714:1$cl
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (357), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):145442
                                                                                                                              Entropy (8bit):4.738314708060596
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:jwV6zC6xb6c5hbZvZbC66HDpj7bQ1/ghLz8Ui6kUQFNTr6POD/fBE3xQ7bsesHCV:jBC6xb6c5hbZvZQHDpj701/yLzLi6kUo
                                                                                                                              MD5:C98CAAADD39DBA1E092B5B9BA4EE430A
                                                                                                                              SHA1:D0CC8AABA7FFD3CA45D14BEF37D2F98984A45869
                                                                                                                              SHA-256:C94E94C79632B1843E040EA24A3FF94A77A57301C450C8E9B589715E633011FE
                                                                                                                              SHA-512:F89A9FDAF04B7317E817DD6C50E10AA4B365FBEC3013DC11876757B6C08B4D5A85BA57A8DDD764CB1B4399D44F10786567C8FA1D3226549ADCD7499B40B52A1A
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=..........Close=.........Exit=.......Help=........StartScan=.............Cancel=........Details=...........MoreInfo=...........Fix=...........SelectAll=........ .....DeselectAll=..... .........SelectCustom=...........Scan=.............Find=.......Search=.......Remove=.........Save=...........AddItem=..........RemoveItem=.........RemoveItems=.........ClearAll=........ .....Add=..........Edit=...............Delete=.........Back=...........Next=.......Refresh=..........CheckAll=........ .....UncheckAll=..... .........SaveClose=.... && .........OK=OK..No=.....OkThanks=.., .........NoThanks=..., .........Yes=....Apply=...........Excluded=Excluded....[Actions]..Actions=.......
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (388), with CRLF, CR line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):92056
                                                                                                                              Entropy (8bit):4.963194074571659
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:OXG+d14zWQ9JWoExgPibmViSeqqT5wuuTmsz49lCfM5GU:bui9JWPkibmVixucCE5z
                                                                                                                              MD5:5D4F2C0D960F7AFD1FC15B3F1D3733AD
                                                                                                                              SHA1:9F3037FBD6DA82145275C145C6B93A5FA4CEE5C7
                                                                                                                              SHA-256:97A0BE3AAA9E4F0334C5F10F205EDC704DE12DAE7FDF470F4B2805CD939EF18B
                                                                                                                              SHA-512:A1171606D5FF25ABFEA871004CBF60C8986EFB0652404658CA5F9848B905009DB177C945A0AB0BDF9CDD0EFC501815641B40D1DC4F4F640C21AF92D0D4DE190A
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimera..Close=St.ng..Exit=Avsluta..Help=Hj.lp..StartScan=Starta skanning..Cancel=Avbryt..Details=Detaljer..MoreInfo=Mer information..Fix=.tg.rda..SelectAll=Markera allt..DeselectAll=Avmarkera alla..SelectCustom=Markera anpassad..Scan=Genoms.kning..Find=Hitta..Search=S.k..Remove=Ta bort..Save=Spara..AddItem=L.gg till objekt..RemoveItem=Ta bort objekt..RemoveItems=Ta bort objekt..ClearAll=Radera alla..Add=L.gg till..Edit=Redigera..Delete=Ta bort..Back=Tillbaka..Next=N.sta..Refresh=Uppdatera..CheckAll=Markera alla..UncheckAll=Avmarkera alla..SaveClose=Spara och st.ng..OK=OK..No=Nej..OkThanks=OK, tack..NoThanks=Nej tack..Yes=Ja..Apply=Till.mpa..Excluded=Exkluderade....[Actions]..Actions=.tg.rder..Action1=Hem..Action2=Rensa..Action3=S.kerhet..Action3Hint=Skydda din dator och din personliga information..Action4=Verktygsl.da..Action4Hint=Verktyg och program som kan hj.lpa dig att hantera din dator s.kert..Action5=Optimera..Action5a=Optimering..Actio
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3204968
                                                                                                                              Entropy (8bit):6.335379144440448
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:HEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY21:b92bz2Eb6pd7B6bAGx7s333TD
                                                                                                                              MD5:CCCE5E18D7E151BBFB8592DCB09AF84B
                                                                                                                              SHA1:5917A85D9D6EF21D51C8DBCF5BF88BE8DF8B690C
                                                                                                                              SHA-256:171D6009023E968B888D82E5EEA3128477EB6FBE3FAAAA3B98195706433622AD
                                                                                                                              SHA-512:42CA97DB03B90F0C3506292C272C680119A68E35FDB9B928567A4D59E520AB05338935B5C321AA93BBC3DF53EFA9651752DAED48132F71357855A439A67E1E14
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):983608
                                                                                                                              Entropy (8bit):6.738020744892371
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:lLmp4GqU+az1Y3E6URUONbnLsiTGUE23CeTrBA8bpd7RRzS6gp/f:lLmMUFYeRUQ9CeTrBA8bpd7RRzS6gp/f
                                                                                                                              MD5:11A813C0972B740937D3A7E2DAF9FFCB
                                                                                                                              SHA1:4245B5A3C97F725C56A29D745767EDEBB5E3F15D
                                                                                                                              SHA-256:3F933BCED2D9F65D48F7C48715BF286FD431341A74E1CE15D39B7C4C96603CF9
                                                                                                                              SHA-512:9A590DCAB0CF7051D04743736EA7A6B74FA0F87539580CC41A58AD33A76574201E7B6D54D5100CBCD262266BC55B053243EDD4860A2D43DEEB1C164395E4A941
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3317
                                                                                                                              Entropy (8bit):4.908513539175229
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:zXOk/Ty2JCNSwdT4BaA+Gm8Rfcyz0U+fs1qV:zXOkBJCIwdTA+GQK0U+fs1+
                                                                                                                              MD5:21BC09207F237DD262112401584E3B8F
                                                                                                                              SHA1:7AA202D5D392E9C3B04C0113381D165A3B12FF61
                                                                                                                              SHA-256:95D33968B745174744E07207E8003B8A615E1BC5E10676A2F4E81F3E5ABF4980
                                                                                                                              SHA-512:EF11CEFD953FB0FA91931B81400438A4C38C65B05A7581F8343CC3F7EF0FA0AEBA9DFEC68F7862DCA5C06783A104F8FB47852D84CCB4A8A7C9DE94799B1A3FB7
                                                                                                                              Malicious:false
                                                                                                                              Preview:WwanSvc..wudfsvc..wuauserv..WSService..WSearch..wscsvc..WPDBusEnum..WPCSvc..WMPNetworkSvc..wmiApSrv..wlidsvc..WlanSvc..WinRM..Winmgmt..WinHttpAutoProxySvc..WinDefend..WiaRpc..WerSvc..wercplsupport..Wecsvc..WebClient..WdiSystemHost..WdiServiceHost..WcsPlugInService..wcncsvc..Wcmsvc..WbioSrvc..wbengine..W32Time..VSS..vmicvss..vmictimesync..vmicshutdown..vmicrdv..vmickvpexchange..vmicheartbeat..vds..VaultSvc..upnphost..UmRdpService..UI0Detect..TrustedInstaller..TrkWks..TimeBroker..THREADORDER..Themes..TermService..TapiSrv..TabletInputService..SystemEventsBroker..SysMain..swprv..svsvc..StorSvc..stisvc..SstpSvc..SSDPSRV..sppsvc..Spooler..SNMPTRAP..ShellHWDetection..SharedAccess..SessionEnv..SensrSvc..SENS..seclogon..SDRSVC..SCPolicySvc..Schedule..SCardSvr..SamSs..RpcSs..RpcLocator..RpcEptMapper..RemoteRegistry..RemoteAccess..RasMan..RasAuto..QWAVE..ProfSvc..PrintNotify..Power..PolicyAgent..PNRPsvc..PNRPAutoReg..PlugPlay..pla..PerfHost..PeerDistSvc..PcaSvc..p2psvc..p2pimsvc..nsi..NlaSvc..Net
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (465), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96348
                                                                                                                              Entropy (8bit):4.819954314950435
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:bj6v8nZN1+H8IQtdaMguaq/Dx63SAin3XZ1N5hWkUC7kBSXHc3x90B9sWAcv12X2:bj6v8Z6cIQtdaM4qySAin3XZ1N5hWkUo
                                                                                                                              MD5:1723BE45104CDAC92B84F99255F66D11
                                                                                                                              SHA1:C4100926DEA1E20BF89B91D8AF78C144C9D8CC1E
                                                                                                                              SHA-256:B176C4224DF8CCBC78AED40162DD7A86AE4F4C442F2DB7783C8BE977008D60EC
                                                                                                                              SHA-512:05ADDBBE027CF4E7203B89A011B1C44885D1FC4B3AB3229BA9299FC094BF77B9F27C80E3C931207B7B5FF3B5270806213EC95720EB8478A841A1FD7F87E0674E
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimaliseren..Close=Sluiten..Exit=Afsluiten..Help=Help..StartScan=Scan starten..Cancel=Annuleren..Details=Details..MoreInfo=Meer informatie..Fix=Oplossen..SelectAll=Alles selecteren..DeselectAll=Alles deselecteren..SelectCustom=Selectie aanpassen..Scan=Scannen..Find=Zoeken..Search=Zoeken..Remove=Verwijderen..Save=Opslaan..AddItem=Item toevoegen..RemoveItem=Item verwijderen..RemoveItems=Items verwijderen..ClearAll=Alles wissen..Add=Toevoegen..Edit=Bewerken..Delete=Verwijderen..Back=Terug..Next=Volgende..Refresh=Vernieuwen..CheckAll=Alles inschakelen..UncheckAll=Alles uitschakelen..SaveClose=Opslaan && Sluiten..OK=OK..No=Nee..OkThanks=OK, bedankt..NoThanks=Nee, bedankt..Yes=Ja..Apply=Toepassen..Excluded=Uitgesloten....[Actions]..Actions=Acties..Action1=Home..Action2=Opruimen..Action3=Beveiliging..Action3Hint=Uw computer en persoonsgegevens beschermen..Action4=Gereedschapskist..Action4Hint=Hulpmiddelen en toepassingen om uw computer veilig te beheren..Action5=Opt
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (410), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):105033
                                                                                                                              Entropy (8bit):4.930457985874322
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:8OsRmsfzl4riKoixrScAHeaTfeg/W8gg840gh40n:GRmsfzlbSxrScAHeaTfeg/2g8ah40n
                                                                                                                              MD5:C7B4409CFB74F33FD2023F1D0B326292
                                                                                                                              SHA1:DADA60FF824367F5992BEEE40FEAF0CBF3366215
                                                                                                                              SHA-256:422D0E44CB3292492674DF1D07992483822F6BD035C082EDB8C4C57205D09FA9
                                                                                                                              SHA-512:F80B291D827F51CFA15847717B396191345F2FD3F6798ADF7A175005C068AA9493330728E51F2B5E2C4868CECA101ADF404B2FE6955E27B713D5B4265A48B49D
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=R.duire..Close=Fermer..Exit=Quitter..Help=Aide..StartScan=Lancer analyse..Cancel=Annuler..Details=D.tails..MoreInfo=Plus d.infos..Fix=Corriger..SelectAll=S.lectionner tout..DeselectAll=D.s.lectionner tout..SelectCustom=S.lection personnalis.e..Scan=Analyser..Find=Rechercher..Search=Recherche..Remove=Supprimer..Save=Enregistrer..AddItem=Ajouter .l.ment..RemoveItem=Supprimer .l.ment..RemoveItems=Supprimer .l.ments..ClearAll=Effacer tout..Add=Ajouter..Edit=Modifier..Delete=Supprimer..Back=Pr.c.dent..Next=Suivant..Refresh=Rafra.chir..CheckAll=Cocher tout..UncheckAll=D.cocher tout..SaveClose=Enregistrer et Fermer..OK=OK..No=Non..OkThanks=OK, merci..NoThanks=Non, merci..Yes=Oui..Apply=Appliquer..Excluded=Exclus....[Actions]..Actions=Actions..Action1=Accueil..Action2=Nettoyage..Action3=S.curit...Action3Hint=Prot.gez votre ordinateur et vos informations personnelles..Action4=Bo.te . outils..Action4Hint=Outils et applications pour vous aider . u
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):257048
                                                                                                                              Entropy (8bit):5.729080570630172
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:b29aigIheEW31K5okfdGDNxDzcDzCtXOHnfn7Ej/j1+4uEJxiOq:q9JgQI1A6FcDKj/j1+4uEPy
                                                                                                                              MD5:D0DF412916EEFADA68E7906FCDF3B276
                                                                                                                              SHA1:4243522286AC5DC7ED3B199CCE905F8E1507EC5A
                                                                                                                              SHA-256:730416D01A0B595BA603A12CA741FAE0BC45B90E5B63C3B23C74195EAEB6A6F7
                                                                                                                              SHA-512:E1D494BACBEAEE084B760CE258E06FE24C2E685543DB0C5802031B8981F05CEA711B2F6F57E5E04651D66568DEEF3C0A2013BE171705427B00DE7E7B10607ECD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6591
                                                                                                                              Entropy (8bit):4.880107756921406
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:[Tasks]..Adobe Acrobat Update Task=Adobe Acrobat Update Task. You can disable this task...Adobe Flash Player PPAPI Notifier=Task of Adobe Flash Player. You can disable this...Adobe Flash Player Updater=Adobe Flash Player Updater. You can disable this task...AdobeAAMUpdater=Updater of Adobe products. This program does not need to automatically start. ..Antivirus Emergency Update=Part of an AVG automatic update. Keep it enabled...AppleSoftwareUpdate=Apple Software Update. If you do not use Apple products on Windows, this service can be disabled...ASC11_PerformanceMonitor=Advanced SystemCare Monitor from IObit. You can disable this task...AtomicAlarmClock=Launch Atomic Alarm Clock. If you do not use this product, this service can be disabled...Auslogics=Task of one from Auslogics products. You can disable this task...Avast settings backup=Task of Avast antivirus. Keep it enabled...AVG EUpdate Task=Task of antivirus AVG. Keep it enabled...Asus AISuite=Part of Asus AI Suite. Keep it enabled
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98058
                                                                                                                              Entropy (8bit):4.900587252762861
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:..[Buttons]..Minimize=Minimizar..Close=Fechar..Exit=Sair..Help=Ajuda..StartScan=Iniciar An.lise..Cancel=Cancelar..Details=Detalhes..MoreInfo=Mais informa..es..Fix=Corrigir..SelectAll=Selecionar tudo..DeselectAll=Desmarcar tudo..SelectCustom=Selecionar personalizar..Scan=Varredura..Find=Localizar..Search=Procurar..Remove=Remover..Save=Guardar..AddItem=Adicionar item..RemoveItem=Remover item..RemoveItems=Remover itens..ClearAll=Eliminar tudo..Add=Adicionar..Edit=Editar..Delete=Excluir..Back=Voltar..Next=Pr.ximo..Refresh=Atualizar..CheckAll=Marcar tudo..UncheckAll=Desmarcar tudo..SaveClose=Salvar && Fechar..OK=OK..No=N.o..OkThanks=OK, obrigado..NoThanks=N.o, obrigado..Yes=Sim..Apply=Aplicar..Excluded=Exclu.do....[Actions]..Actions=A..es..Action1=In.cio..Action2=Limpar..Action3=Seguran.a..Action3Hint=Proteja seu computador e suas informa..es pessoais..Action4=Caixa de ferramentas..Action4Hint=As Ferramentas e Aplicativos ajudam voc. a gerenciar com seguran.a o computador..Ac
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):245
                                                                                                                              Entropy (8bit):4.2187986967942805
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:google.com..gmail.com..youtube.com..aol.com..bing.com..yahoo.com..login.live..outlook.com..microsoft.com..twitter.com..facebook.com..instagram.com..linkedin.com..paypal.com..netflix.com..fatmedia.io..doubleclick.net..clarity.ms..pchelpsoft.com..
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10560360
                                                                                                                              Entropy (8bit):6.73903100760208
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):91793
                                                                                                                              Entropy (8bit):4.90143972057364
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:..[Buttons]..Minimize=Minimer..Close=Luk..Exit=Afslut..Help=Hj.lp..StartScan=Start scanning..Cancel=Annuller..Details=Detaljer..MoreInfo=Flere oplysninger..Fix=Repar.r..SelectAll=Mark.r alt..DeselectAll=Frav.lg alle..SelectCustom=V.lg brugerdefineret..Scan=Scan..Find=Find..Search=S.g..Remove=Fjern..Save=Gem..AddItem=Tilf.j element..RemoveItem=Fjern element..RemoveItems=Fjern elementer..ClearAll=Ryd alle..Add=Tilf.j..Edit=Rediger..Delete=Slet..Back=Tilbage..Next=N.ste..Refresh=Opdat.r..CheckAll=Mark.r alle..UncheckAll=Fjern markering af alle..SaveClose=Gem og luk..OK=OK..No=Nej..OkThanks=Ok, tak..NoThanks=Nej tak..Yes=Ja..Apply=Anvend..Excluded=Udelukket....[Actions]..Actions=Handlinger..Action1=Hjem..Action2=Rens..Action3=Sikkerhed..Action3Hint=Beskyt din computer og dine private oplysninger..Action4=V.rkt.jskasse..Action4Hint=V.rkt.jer og programmer til at hj.lpe dig med sikkert at administrere din computer..Action5=Optim.r..Action5a=Optimering..Action5Hint=Tjek for m
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (404), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):101165
                                                                                                                              Entropy (8bit):4.807129084859234
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimizar..Close=Cerrar..Exit=Salir..Help=Ayuda..StartScan=Iniciar an.lisis..Cancel=Cancelar..Details=Detalles..MoreInfo=M.s informaci.n..Fix=Corregir..SelectAll=Seleccionar todo..DeselectAll=Desmarcar todo..SelectCustom=Selecci.n personalizada..Scan=Esc.ner..Find=Encontrar..Search=Buscar..Remove=Quitar..Save=Guardar..AddItem=A.adir elemento..RemoveItem=Quitar elemento..RemoveItems=Quitar elementos..ClearAll=Borrar todo..Add=A.adir..Edit=Editar..Delete=Eliminar..Back=Atr.s..Next=Siguiente..Refresh=Actualizar..CheckAll=Marcar todo..UncheckAll=Desmarcar todo..SaveClose=Guardar y cerrar..OK=Aceptar..No=No..OkThanks=Aceptar, gracias..NoThanks=No, gracias..Yes=S...Apply=Aplicar..Excluded=Excluido....[Actions]..Actions=Acciones..Action1=Inicio..Action2=Limpiar..Action3=Seguridad..Action3Hint=Proteja su ordenador y su informaci.n personal..Action4=Caja de herramientas..Action4Hint=Herramientas y aplicaciones que le ayudaran a administrar de forma segura el o
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96723
                                                                                                                              Entropy (8bit):4.750419032324512
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Riduci a icona..Close=Chiudi..Exit=Esci..Help=?..StartScan=Avvia analisi..Cancel=Annulla..Details=Dettagli..MoreInfo=Ulteriori informazioni..Fix=Correggi..SelectAll=Seleziona tutto..DeselectAll=Deseleziona tutto..SelectCustom=Seleziona personalizzato..Scan=Analizza..Find=Trova nei risultati:..Search=Trova..Remove=Rimuovi..Save=Salva..AddItem=Aggiungi voce..RemoveItem=Rimuovi voce..RemoveItems=Rimuovi voci..ClearAll=Cancella tutto..Add=Aggiungi..Edit=Modifica..Delete=Cancella..Back=Indietro..Next=Avanti..Refresh=Aggiorna..CheckAll=Seleziona tutto..UncheckAll=Deseleziona tutto..SaveClose=Salva e Chiudi..OK=OK..No=No..OkThanks=OK, grazie..NoThanks=No grazie..Yes=S...Apply=Applica..Excluded=Escluso....[Actions]..Actions=Azioni..Action1=Home..Action2=Pulizia..Action3=Sicurezza..Action3Hint=Proteggere il computer e le informazioni personali..Action4=Casella strumenti..Action4Hint=Strumenti e applicazioni per agevolare la gestione in sicurezza del computer..Action5=O
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (408), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):95521
                                                                                                                              Entropy (8bit):4.858845216734456
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Pienenn...Close=Sulje..Exit=Lopeta..Help=Ohje..StartScan=Aloita skannaus..Cancel=Peruuta..Details=Yksityiskohdat..MoreInfo=Lis.tietoja..Fix=Korjaa..SelectAll=Valitse kaikki..DeselectAll=Poista kaikkien valinta..SelectCustom=Valitse arvot..Scan=Skannaus..Find=Etsi..Search=Hae..Remove=Poista..Save=Tallenna..AddItem=Lis.. kohde..RemoveItem=Poista kohde..RemoveItems=Poista kohteet..ClearAll=Tyhjenn. kaikki..Add=Lis....Edit=Muokkaa..Delete=Poista..Back=Takaisin..Next=Seuraava..Refresh=P.ivit...CheckAll=Valitse kaikki..UncheckAll=Poista kaikki valinnat..SaveClose=Tallenna && Sulje..OK=OK..No=Ei..OkThanks=OK, kiitos..NoThanks=Ei kiitos..Yes=Kyll...Apply=K.yt...Excluded=Poissuljettu....[Actions]..Actions=Toiminnat..Action1=Etusivu..Action2=Puhdista..Action3=Turvallisuus..Action3Hint=Suojele tietokonettasi ja henkil.tietojasi..Action4=Ty.kalupakki..Action4Hint=Ty.kaluja ja sovelluksia, joilla voit hallita turvallisesti tietokonettasi..Action5=Optimoi..Act
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5092712
                                                                                                                              Entropy (8bit):6.674014917618654
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (456), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100922
                                                                                                                              Entropy (8bit):5.224168864114355
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Zmniejsz..Close=Zamknij..Exit=Zako.cz..Help=Pomoc..StartScan=Skanuj..Cancel=Anuluj..Details=Szczeg..y..MoreInfo=Wi.cej informacji..Fix=Napraw..SelectAll=Zaznacz wszystko..DeselectAll=Odznacz wszystko..SelectCustom=Wyb.r w.asny..Scan=Skanuj..Find=Znaleziono w wynikach:..Search=Wyszukaj..Remove=Usu...Save=Zapisz..AddItem=Dodaj element..RemoveItem=Usu. element..RemoveItems=Usu. elementy..ClearAll=Wyczy.. wszystko..Add=Dodaj..Edit=Edytuj..Delete=Usu...Back=Wstecz..Next=Dalej..Refresh=Od.wie...CheckAll=Zaznacz wszystkie..UncheckAll=Odznacz wszystkie..SaveClose=Zapisz i zamknij..OK=OK..No=Nie..OkThanks=Ok, dzi.kuj...NoThanks=Nie, dzi.kuj...Yes=Tak..Apply=Zastosuj..Excluded=Wykluczone....[Actions]..Actions=Dzia.ania..Action1=Strona g..wna..Action2=Wyczy....Action3=Bezpiecze.stwo..Action3Hint=Chro. sw.j komputer i.osobiste dane..Action4=Narz.dzia..Action4Hint=Narz.dzia i.aplikacje pomagaj.ce bezpiecznie zarz.dza. komputerem..Action5=Opt
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://www.pchelpsoft.com/>), ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):53
                                                                                                                              Entropy (8bit):4.502718624949096
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:HRAbABGQYm2frSLf0Gyn:HRYFVm4GLryn
                                                                                                                              MD5:B02B6C7633D3E401211E70183F832CFA
                                                                                                                              SHA1:D964AA34AA5E6D862433DAF7DEEBCF891F34EE91
                                                                                                                              SHA-256:EB27035842086FB45A23697824FC6E34C7C5B4947A39C28BDDAA0CE102F68337
                                                                                                                              SHA-512:260CC0DC38A1E904667BEDFDA93D705444038EBC38E5F3B21E9B7BDFD746D4C236C1317C39761971CD4709F1F11BC8F4C26BCD4645DEC3189EBF96C9AFC6AB1B
                                                                                                                              Malicious:false
                                                                                                                              Preview:[InternetShortcut]..URL=https://www.pchelpsoft.com/..
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (382), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90299
                                                                                                                              Entropy (8bit):4.887943066768034
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:EqrcN8h8qoKm58LcM2+IUmSNwzjiYgG504YEnhJ0mxEAszmQAwNq:EAYs8qoKmmLcM2+IUML5VHhJ0mxE5maI
                                                                                                                              MD5:FC72152FEDF9A71D59261027DDD0C366
                                                                                                                              SHA1:ABA64C932CDC079715791495105358D405994AAB
                                                                                                                              SHA-256:999B9B065071B4428E07CFEA82B847588C0A06B2E307256537C355AB0710A36D
                                                                                                                              SHA-512:DBF913A946704B9F465D467C52BEE05719D380F00AAB6030224ACA1534DD89A0F68A71746F0EBDCC99CEEFD880399053A216CE06A42DBB313B119DEF8F27F6DF
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimer..Close=Lukk..Exit=Avslutt..Help=Hjelp..StartScan=Start skanning..Cancel=Avbryt..Details=Detaljer..MoreInfo=Mer info..Fix=Reparer..SelectAll=Merk alt..DeselectAll=Fjern all merking..SelectCustom=Velg tilpasset..Scan=Skanne..Find=Finn..Search=S.k..Remove=Fjern..Save=Lagre..AddItem=Legg til element..RemoveItem=Fjern element..RemoveItems=Fjern elementer..ClearAll=Fjern alle..Add=Legg til..Edit=Rediger..Delete=Slett..Back=Tilbake..Next=Neste..Refresh=Oppdater..CheckAll=Merk av alle..UncheckAll=Fjern avmerking p. alle..SaveClose=Lagre og lukk..OK=OK..No=Nei..OkThanks=OK, takk..NoThanks=Nei takk..Yes=Ja..Apply=Bruk..Excluded=Ekskludert....[Actions]..Actions=Handlinger..Action1=Hjem..Action2=Rens..Action3=Sikkerhet..Action3Hint=Beskytt datamaskinen og din personlige informasjon..Action4=Verkt.ykasse..Action4Hint=Verkt.y og programmer som hjelper deg med trygg administrering av datamaskinen..Action5=Optimer..Action5a=Optimering..Action5Hint=Se etter m.ter .
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:GIF image data, version 89a, 48 x 48
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3965
                                                                                                                              Entropy (8bit):7.40982595860968
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:I796+qTY+rVj7rP0G3Vd3AbHAEv5+XBBWFVUUfkkVcya3Bu:I79bqk6nL987GBERc2h0u
                                                                                                                              MD5:915F2CE934FD4789216B91BF9C2609FD
                                                                                                                              SHA1:CB942F9E699D07F85A008E8131BB8A92A3974F87
                                                                                                                              SHA-256:135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
                                                                                                                              SHA-512:273A720A72EB1EF150B3EE33ED39DDF5356753EA09E23726B44223CE4CC2A13CA94AF6E08CB9CD84352A71EC8FA0D6E17B6FC51643E1D9D7A1DAB66B33695C01
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (413), with CRLF, CR line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100205
                                                                                                                              Entropy (8bit):4.890898331675673
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:DVEQwJ76plyVTJrMDl6XBe7+Izgu1GT+yM+Qk/RZkR+Zltiu2S3mdk:D+Kmfryl6Czgu1GTZfZky3iu2O
                                                                                                                              MD5:115F06B8A4042B8E9D7EFD52007143C0
                                                                                                                              SHA1:BC6B211AF256C98E011586D6B011B1C6EDFA33D8
                                                                                                                              SHA-256:B98B5B516C8157A800AD4CD8F24741CB4A2683E93280551C4481FC7C2AC4BEC4
                                                                                                                              SHA-512:0858495C9322506D5DB53D47D456E4A6577CB8F3ADC6709B1AC4D6E7A6402DDFEF6697524872A835E1B07A30F91DFE67ED2A54EFB4735C45A256C5214BDF0529
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimizar..Close=Fechar..Exit=Sair..Help=Ajuda..StartScan=Iniciar An.lise..Cancel=Cancelar..Details=Detalhes..MoreInfo=Mais informa..es..Fix=Corrigir..SelectAll=Selecionar tudo..DeselectAll=Desmarcar todos..SelectCustom=Selecionar personalizado..Scan=Varredura..Find=Localizar..Search=Procurar..Remove=Remover..Save=Guardar..AddItem=Adicionar iten..RemoveItem=Remover iten..RemoveItems=Remover itens..ClearAll=Eliminar todos..Add=Adicionar..Edit=Editar..Delete=Excluir..Back=Voltar..Next=Seguinte..Refresh=Atualizar..CheckAll=Marcar todos..UncheckAll=Desmarcar todos..SaveClose=Guardar e fechar..OK=OK..No=N.o..OkThanks=OK, obrigado..NoThanks=N.o, obrigado..Yes=Sim..Apply=Aplicar..Excluded=Exclu.do(s)....[Actions]..Actions=A..es..Action1=In.cio..Action2=Limpar..Action3=Seguran.a..Action3Hint=Proteja o seu computador e as suas informa..es pessoais..Action4=Caixa de ferramentas..Action4Hint=Ferramentas e Aplica..es para ajud.-lo a gerir com seguran.a o se
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14579
                                                                                                                              Entropy (8bit):4.841093110997302
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:4u4y64zqfQY0/XDeBZkJVPhbC6UJw3OaeOd9CYp1NKMU2SmwqC55BwSLhLLwtwYR:NY48Aefk12T/5YzpftOC+WNB5/fXGaZ
                                                                                                                              MD5:6D885D79C99B9B8D409C4684BCEA54D2
                                                                                                                              SHA1:20EDDB02737AAD8EC88407E19777534A8ED8E766
                                                                                                                              SHA-256:1923ED5B39D3248FCBC245EB60FC05116FD439E62F2271FB5B7D42FEA8545CBD
                                                                                                                              SHA-512:BB17D8901281FC39A2594BAE85EB81E161BAA74A9A954121A433A37190557580040702E9308B2734CC3B695AE3F8DFE04AFBCCF88D1AEADB6DC939E07FD54C63
                                                                                                                              Malicious:false
                                                                                                                              Preview:[Services]..ACDaemon=ArcSoft Connection Service..Adguard Service=Part of AdGuard product, it blocks ads and dangerous websites. If you use ADGuard keep it enabled...AdobeARMservice=Adobe Acrobat Update Service. This service is not required to start automatically as it can be run manually when needed...Adobe LM service=Adobe Licensing Service. If you do not uses Adobe products, this service can be disabled...AdobeFlashPlayerUpdateSvc=Adobe Flash Player Update Service. This service is not required to start automatically as it can be run manually when needed...AdvancedSystemCareService11=Advanced SystemCare Service. This service is not required to start automatically as it can be run manually when needed...AMD External Events Utility=AMD External Events Utility...AMPPALR3=Intel Wireless Bluetooth Service. Keep enabled. ..AnviCsbSvc=Anvisoft Cloud System Booster Service. AnviCsbSvc is not essential for the Windows OS and can be disabled...Apple Mobile Device=Apple Mobile Device Service. Pa
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 3, database pages 1069, cookie 0x18, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1094656
                                                                                                                              Entropy (8bit):6.128977552298963
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:WY8IyylDzjpmRFQn0g5cqhJWT2mZws7noPrbLT:JrlhyLu
                                                                                                                              MD5:DDBBFDA211ED1460D616A48FE1EF9676
                                                                                                                              SHA1:5306FBA67448AB0C1C3E55808D13B1F900E82493
                                                                                                                              SHA-256:B59785F62C26B60CE5D6E30E88946BFFC3D7EB8C0F572359D36985CA8EE4BC48
                                                                                                                              SHA-512:28CE666FF970741145B26C7850DA551FFF4BEE95881981637C877E82E10A2AEDA2304FE7580AC06FE3CDE175BC51C97502060769B7FA358EB2F82126A520ED38
                                                                                                                              Malicious:false
                                                                                                                              Preview:SQLite format 3...atablestartupstartup.CREATE TABLE startup (id integer PRIMARY KEY, file varchar(40), title varchar(40),
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3034000, file counter 37, database pages 366, cookie 0x1a, schema 4, UTF-8, version-valid-for 37
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1499136
                                                                                                                              Entropy (8bit):6.371788540768014
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:9KaOirgE5nkCS790LzifWRNuxPLdDwdnaUbn0VqDgESh7LMx/UApkuQSVvIQ/w81:9KaOirx5nZSp0LzifuUPLdDw59bnCqDv
                                                                                                                              MD5:A59CF386E89C3726389A58AC9301E174
                                                                                                                              SHA1:8B8A4CD4184D38A2FC3594633E3CEFD2EEB3E81A
                                                                                                                              SHA-256:F02FA210DE3BD77D561C232764BF917538E6543352CA2AC81EAB8522572F9C29
                                                                                                                              SHA-512:7F62D04AD851C2BD66BEFA785CE67AD566C023EAB670527C7C51D233CC62E2D2E33669D46197161D96124103D26FA8DF97DD5545EFCDD041B9B8E317D17CCA79
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (479), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102006
                                                                                                                              Entropy (8bit):4.957828326544856
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:KIuRY5Ov7Ii/sPsNf8a9GnhkmVTLdsPdjjNOzAKH7oVkZQpxacNqbVTXZI2FQe0n:Huue7IcsUEKGnxdsPlYHul6Vqyj6z
                                                                                                                              MD5:54C515BFCA3BE851C5BA289D8B2EF2E4
                                                                                                                              SHA1:33115AC708C444FB0B974838A22D19CD2273E960
                                                                                                                              SHA-256:BE36EF613BD8E7746E00573F7DDB24D551BBEB4EF1E75125CC92893870269623
                                                                                                                              SHA-512:E88B70CBCBBC866CBEF795A1EAE7349986C3DC88C05F944A95EAE75752B54861FF6FE949D059BD532EB0EE0E85E5B6A95FF47DD4655B5F8C1AF83E6B5EDEEB01
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=Minimieren..Close=Schlie.en..Exit=Beenden..Help=Hilfe..StartScan=Pr.fung starten..Cancel=Abbrechen..Details=Details..MoreInfo=Mehr Info..Fix=Beheben..SelectAll=Alles markieren..DeselectAll=Nichts markieren..SelectCustom=Benutzerdefinierte Auswahl..Scan=Pr.fen..Find=In den Ergebnissen finden:..Search=Suchen..Remove=Entfernen..Save=Speichern..AddItem=Hinzuf.gen..RemoveItem=Entfernen..RemoveItems=Elemente entfernen..ClearAll=Alles entfernen..Add=Hinzuf.gen..Edit=Bearbeiten..Delete=L.schen..Back=Zur.ck..Next=Weiter..Refresh=Aktualisieren..CheckAll=Alles markieren..UncheckAll=Nichts markieren..SaveClose=Speichern und Schlie.en..OK=OK..No=Nein..OkThanks=OK, danke..NoThanks=Jetzt nicht..Yes=Ja..Apply=.bernehmen..Excluded=Ausgeschlossen....[Actions]..Actions=Aktionen..Action1=Start..Action2=S.ubern..Action3=Sicherheit..Action3Hint=Computer und pers.nliche Daten sch.tzen..Action4=Toolbox..Action4Hint=Tools und Anwendungen zur sicheren Verwaltung des Computer
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Generic INItialization configuration [Actions]
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):83750
                                                                                                                              Entropy (8bit):4.8644628536139995
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:vIuMCZO9ZAxZFhk/YnODFOKSXXW8EeOeO7NC5u8FzoNO44z4FaQxBWdseSeaVHEU:QwY0ZOGXu7NC5u8FziO+zxBvjEMr
                                                                                                                              MD5:C304408A360456B08D1FDF319166702D
                                                                                                                              SHA1:5B58C82FD4F316AED09BBDCAEB1A895AFC3F42DB
                                                                                                                              SHA-256:B6CCD92470726F0D35D0DC7A8F61DD0F17AC06C55550939351C49ACD2809E919
                                                                                                                              SHA-512:02CFBE75D6410CBB5484084176EF88FC1E4C5EC2CADF3EB871B14625B05770BC1D9AC0FF3022EDDDD312F7B603171BC963CD63623678AB4086265C4AA66C07E1
                                                                                                                              Malicious:false
                                                                                                                              Preview:..[Buttons]..Minimize=Minimize..Close=Close..Exit=Exit..Help=Help..StartScan=Start Scan..Cancel=Cancel..Details=Details..MoreInfo=More info..Fix=Fix..SelectAll=Select all..DeselectAll=Deselect all..SelectCustom=Select custom..Scan=Scan..Find=Find..Search=Search..Remove=Remove..Save=Save..AddItem=Add item..RemoveItem=Remove item..RemoveItems=Remove items..ClearAll=Clear all..Add=Add..Edit=Edit..Delete=Delete..Back=Back..Next=Next..Refresh=Refresh..CheckAll=Check all..UncheckAll=Uncheck all..SaveClose=Save && Close..OK=OK..No=No..OkThanks=OK, thanks..NoThanks=No, thanks..Yes=Yes..Apply=Apply..Excluded=Excluded....[Actions]..Actions=Actions..Action1=Home..Action2=Clean Up..Action3=Security..Action3Hint=Protect your computer and your personal information..Action4=Toolbox..Action4Hint=Tools and Applications to help you safely manage your computer..Action5=Optimize..Action5a=Optimization..Action5Hint=Check for ways to optimize your PC..Action6=Settings..Action6a=Program settings....[Messages
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):120532
                                                                                                                              Entropy (8bit):5.4969391087049155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:jfSuH2hSjL2UtPs3lM2hvSnBtS6DljVlP+2I9MxgsmkCrmkAYmooIw94:jfSuH2hW28seNjtjVlP+2I99kCrmdIwa
                                                                                                                              MD5:DA25BD216C22695F2EABEE6725E5BB25
                                                                                                                              SHA1:424E75FDB1EE19782318EC0D7587A88912768EE4
                                                                                                                              SHA-256:D7CD804A5367C063FC3F8BF90CA07155E514E17542F16FC308AB035A41BF136D
                                                                                                                              SHA-512:F8302C877A6B669AAB88498DE6BDE4F84614EA12E2066B7FFC0CE2CEE300B33D2B5543EEB812E4B02683FE3E067A698473F72B74294463F09EE8946BCFBF0EBC
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=.........Close=...(C)..Exit=..(X)..Help=...(H)..StartScan=........Cancel=.......Details=....MoreInfo=........Fix=....SelectAll=.......DeselectAll=.........SelectCustom=.........Scan=......Find=....Search=....Remove=....Save=....AddItem=.......RemoveItem=.......RemoveItems=.......ClearAll=........Add=....Edit=..(E)..Delete=....Back=....Next=............Refresh=....CheckAll=.........UncheckAll=...........SaveClose=.........OK=OK..No=.....OkThanks=OK.............NoThanks=......Yes=....Apply=....Excluded=........[Actions]..Actions=....Action1=.....Action2=.........Action3=........Action3Hint=..........
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4351
                                                                                                                              Entropy (8bit):4.401618076790458
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:kxXH+TBvERKDzCxLg+lQm+zHj6DnojA4MCBhqmhEWl7GMCdM9:kReFE0DzgMn3zD6DnomCZhEWl7GMGe
                                                                                                                              MD5:023938522A2335379044391C1B83656A
                                                                                                                              SHA1:1761B2DCADB48689C7C052393490043E050E5FEA
                                                                                                                              SHA-256:66AAE467EF3636628B6EB4C4DC2E210990BB6440653CC3AAFB7800B89A8DA1EC
                                                                                                                              SHA-512:0F88726EE74A9D51DFD888120D0E0DC1C66949374388EF4A394B4A2CD59056DBADA68FE75929F4374B4441CFD8B8100E5EDFAAA2982DBA9F02D0322F1D1DD389
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1050
                                                                                                                              Entropy (8bit):4.544556686156469
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:KqxHibUFGQSU6ifMyQW6wGtTwpTdTiToZT+T6rLTA:KqxHI4l2woTcTdTiTUT+T6rLTA
                                                                                                                              MD5:82B0C12AFC82BB2CE9FE25055032012A
                                                                                                                              SHA1:C1686583E644F810495B49FFDDE585AB53F5AE1E
                                                                                                                              SHA-256:C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
                                                                                                                              SHA-512:EA825B3E8D3877E94FE3F6D14026E9C45F4F4B4CFF7FDDA7E935A23456289D8891D234AD0E72A04ACED9D0A79610C94C270CC073E82FA2564FAC41551C95684B
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (424), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100259
                                                                                                                              Entropy (8bit):5.116644952528434
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:hTSNYEXntlGmasq1LvHlcV5xYAlhHMktLM:4Xdq1LvHl3QvM
                                                                                                                              MD5:3BAF1D442D07C85D23A6F32D8B2952D8
                                                                                                                              SHA1:C55A9F41F1177307413EF9B0977FE0C20755B856
                                                                                                                              SHA-256:7D6AF04ABBBD0B4AA88A67F9477FC1B6F2C40AA0A32843AE95AACD3A20938533
                                                                                                                              SHA-512:F42D9435EB0E120F182FA3DCDE31A22303EBE2F2D5916F2A1BD37427D4D9E7B7EE539D8B94782729FC00E3A54BF2B2F6BB457A82C85B6743D27B3AAEBCD9A452
                                                                                                                              Malicious:false
                                                                                                                              Preview:...[Buttons]..Minimize=K...ltmek..Close=Kapat..Exit=..k....Help=Yard.m..StartScan=Tarama Ba.lat..Cancel=.ptal..Details=Ayr.nt.lar..MoreInfo=Daha fazla bilgi..Fix=D.zelt..SelectAll=T.m.n. se...DeselectAll=T.m.n.n se.imini kald.r..SelectCustom=.zel olarak se...Scan=Tara..Find=Bul..Search=Ara..Remove=Kald.r..Save=Kaydet..AddItem=..e ekle..RemoveItem=..e kald.r..RemoveItems=..eleri kald.r..ClearAll=T.m.n. temizle..Add=Ekle..Edit=D.zen..Delete=Sil..Back=Geri..Next=.leri..Refresh=Yenile..CheckAll=T.m.n. i.aretle..UncheckAll=T.m.n.n i.aretini kald.r..SaveClose=Kaydet ve Kapat..OK=Tamam..No=Hay.r..OkThanks=Tamam, te.ekk.rler..NoThanks=Hay.r, te.ekk.rler..Yes=Evet..Apply=Uygula..Excluded=Hari. tutuldu....[Actions]..Actions=Eylemler..Action1=Ana Sayfa..Action2=Temizle..Action3=G.venlik..Action3Hint=Bilgisayar.n.z. ve ki.isel bilgilerinizi koruyun..Action4=Ara. Kutusu..Action4Hint=Bilgisayar.n.z. g.venli .ekilde y.netmenize yard.
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:Non-ISO extended-ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):79132
                                                                                                                              Entropy (8bit):4.9883854846897835
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:1VtVSx3JV4033wYcwjSXAiy7WGmJQ2r3O:/SLuqRDj6AikINe
                                                                                                                              MD5:3F38DA16BF0FA5442D7B88EDD6066A3B
                                                                                                                              SHA1:FE561584BD06952F3991FAE779DF2AAA812D34F9
                                                                                                                              SHA-256:6F9BE4AEB21A135EB5476B740EC5CB6D26A2271E975931F4C3A8133D9E4567E7
                                                                                                                              SHA-512:8BBDFE302C06CC566A1FA4BA6675D40F7879AF257A0CCFC7DC2EA16E4460AC8A34AD7BAA1361B62076876235C07BC060284E97D611F174874312D101CF437FAC
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3022000, file counter 46, database pages 495, cookie 0x23, schema 4, UTF-8, version-valid-for 46
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2027520
                                                                                                                              Entropy (8bit):6.455430259852752
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:HKaOirx5nZSp0LzifuUPLdDw59bnCqDgEShLMCgktSVvIQ/w+8/FsIYcyjyoo98s:k3HWs
                                                                                                                              MD5:D7407724530566531D462B1CEDCA135F
                                                                                                                              SHA1:9FCD5C9D59DB07E32F10F08244A323F908F6DF11
                                                                                                                              SHA-256:D19405B1913990EE91BF84B4F3FC5036AD31F4BC5651BD9F189607C91D4DD9D0
                                                                                                                              SHA-512:59E6695794EF16E9D98436F8CD218D297A1741EABED1EEFB8A6C2F6CA8C5C529C2FB26620D30DE595704BD03592AE4ECB0E3C66AC43E6B0FFFA6EEA55AD65447
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite Rollback Journal
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2032568
                                                                                                                              Entropy (8bit):6.4582344821328626
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:OwROMAZSGSgDjczpCox4d/t0BnbnzFq5ESyLZ14rKfxJ/XMiw36bS09YlRvGrVNF:p7xtl
                                                                                                                              MD5:92ABF36371349FD953B24C6038B508DC
                                                                                                                              SHA1:B07310C79F830EB82A39A55B6022B84860A7D91A
                                                                                                                              SHA-256:6A405FE6F254CEA1699751E9372A06E23E5AD64D81CE6046C00D6BE39FE099C2
                                                                                                                              SHA-512:6B3D119B79330603BB5C2501FC6B7AB7C2BBB3E5E04AAC076B2FEDD7BCB8F19F5421F6CCF34E22CBAAF08D9DA597D3791C28AF8DD39DC8D56EDD91EED50DAA7E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):870912
                                                                                                                              Entropy (8bit):6.540580612211194
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:XTtmtnhKqK75YJ4+X8NLXBIXcgVMU//GV:Xshc84y8NLXBUjc
                                                                                                                              MD5:97CC21B74D8F314C86BF2CE3D48315F9
                                                                                                                              SHA1:2B4CF9651B033F19D560D30BAAD83273DC3D990D
                                                                                                                              SHA-256:13FDC7A5FDA77CC02F8D526873F7459F068F359850C994E5BE9885A01B4257D8
                                                                                                                              SHA-512:3C61D305EC9482B3FF4146700920D570DE27ADB2C4E19F4B6AE67C08CC5A23DAFD4AC0653AAC6F29193873A698B1A956942E39024C839F4E1F0B2131D94B67DF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:InnoSetup Log PC Cleaner, version 0x418, 38060 bytes, 301389\37\user\376, C:\Program Files (x86)\PC Cleaner\376\377\
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38060
                                                                                                                              Entropy (8bit):3.869270941041167
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:sHbXEn6A2u2V7uVuUyZnr9/bE6ldJVLdV1wIblbPeBJpukC66AHN:IbPFEIblbSb
                                                                                                                              MD5:37F44E16C93B3992DF2DD6396BEC12E4
                                                                                                                              SHA1:9418A2E9FE1490DD1A79E3FA004FBABB63C49701
                                                                                                                              SHA-256:ABC5B17D92CC35314083A659362DA145176A47D96D1C95E28DEC56585886EF90
                                                                                                                              SHA-512:AF5D479792336F9C0470F7CDD96FBE2201E7DDAFA7E0447422581C373E65A8618DE2A20FF27E98A40076734C9086E7723659C7DA82FA0C899C7F08565369EB4A
                                                                                                                              Malicious:false
                                                                                                                              Preview:Inno Setup Uninstall Log (b)....................................PC Cleaner......................................................................................................................PC Cleaner..........................................................................................................................8........................................................................................................................$<............n......}........3.0.1.3.8.9......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .C.l.e.a.n.e.r....................... ......w......IFPS....>...i....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TWIZARDPAGE....TWIZARDPAGE.........TCHECKBOX....TCHECKB
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3204968
                                                                                                                              Entropy (8bit):6.335379144440448
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:HEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY21:b92bz2Eb6pd7B6bAGx7s333TD
                                                                                                                              MD5:CCCE5E18D7E151BBFB8592DCB09AF84B
                                                                                                                              SHA1:5917A85D9D6EF21D51C8DBCF5BF88BE8DF8B690C
                                                                                                                              SHA-256:171D6009023E968B888D82E5EEA3128477EB6FBE3FAAAA3B98195706433622AD
                                                                                                                              SHA-512:42CA97DB03B90F0C3506292C272C680119A68E35FDB9B928567A4D59E520AB05338935B5C321AA93BBC3DF53EFA9651752DAED48132F71357855A439A67E1E14
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24097
                                                                                                                              Entropy (8bit):3.2754883918216606
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:b1EjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvg:b1EK6CHr6fSX+7Q1U5YQDztB/B3g
                                                                                                                              MD5:D3690E7E35CEA79B66D17A069C3B947B
                                                                                                                              SHA1:CEE595DE103E3E46CEE46D7E303A1B7876E44874
                                                                                                                              SHA-256:5C3A688B292CE9CD98290BC1F4C525CCF42E3537CA704555C8BF058FDEF10D27
                                                                                                                              SHA-512:0A198D4A9FEFEA8CBC49AEBB7117CBF65CD85601CCE56896482B4E2A67942095C08127DBDC52A4D86FB07CEC398FB86B2B436DD834B9365E2626D56E5B0E40A2
                                                                                                                              Malicious:false
                                                                                                                              Preview:Inno Setup Messages (6.0.0) (u)......................................]..+..... .C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 24 09:30:12 2024, mtime=Wed Apr 24 09:30:12 2024, atime=Thu Nov 2 10:38:22 2023, length=53, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1112
                                                                                                                              Entropy (8bit):4.588058853580851
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:8mlawFLEPdOEHSRw5zOm9kUApk/AdnmOdnm5UUTG4nXnMqyFm:8mlawFoPdOr0zOCkjpZdnHdnvUbXVyF
                                                                                                                              MD5:4B771B20C2500D2AE4F60BDFD6515602
                                                                                                                              SHA1:078208B732FC40C87FDD525C46EBFB4F27BEBD4E
                                                                                                                              SHA-256:AD89DFB109101CA1F90853F5292D6238D17E9CB17ABA5650EBD010590E616CF2
                                                                                                                              SHA-512:764B362D124F99BE360EC0F8CB5935A49B7051FE6717660E63CC0503F9FB6E6729FB36122E942FFC3297AD5BB4AFD510FCD1939EBFB6DCEB0315CCADD6D959E2
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 24 09:30:11 2024, mtime=Wed Apr 24 09:30:12 2024, atime=Wed Apr 3 10:32:12 2024, length=10560360, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1117
                                                                                                                              Entropy (8bit):4.6060950415594775
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:8mO1IUFLEPdOEHSRw5zOm78AOk/ldnmJWdnm5UUTGfqyFm:8mOPFoPdOr0zOk7OednwWdnvUxyF
                                                                                                                              MD5:3939AE8F26C3214DD68108524AAD6790
                                                                                                                              SHA1:BDBC7661260A0EA8CBEFE44A38AC74EBCDDB26A3
                                                                                                                              SHA-256:5C6DFB9B7B7D13EBDB492A87DF7172BA08C9E5BFA61286EB401EB8F1AF15C68C
                                                                                                                              SHA-512:43E9CAF9024B2BDC030071523CD4CEC1EB74A134B009552AA9CA04109D1CA5F9259B12C1510F9193A5ADEE5B00CFB9F0B45475EC4DD407093596F52CE0379E0D
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 24 09:30:11 2024, mtime=Wed Apr 24 09:30:11 2024, atime=Wed Apr 24 09:30:07 2024, length=3204968, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1112
                                                                                                                              Entropy (8bit):4.63762994762354
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:8mbFLEPdOEHSRw5zOmVKoUApk/WdnmFEdnm5UUTGnqyFm:8mbFoPdOr0zOZojp/dnEEdnvURyF
                                                                                                                              MD5:C896C86CD917D9D9BDB55675CA20B517
                                                                                                                              SHA1:4725EAEDDA9D6D436EF32C91B6990BF464699540
                                                                                                                              SHA-256:0A79BCAE261E9E1B4436DB6EB79A2C63AEE4783F73C93BB603600673CBC77A96
                                                                                                                              SHA-512:09D05BDA47618D20B50CB07A2C6D98A205868EADE4FD0886BAE3B9AC3B4E537A90DBEB7014E8BA9B04093AA3F2624DE9C9F571F0F8CACD5567766781F14ED4E8
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):55
                                                                                                                              Entropy (8bit):3.7177241519543403
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:5Lf8H+tDduVZtDn:5oH+if5
                                                                                                                              MD5:739D52336CE8EA7745B52D42C412CC73
                                                                                                                              SHA1:75E9D50AB8F450B35DD6315E799BC7CB7D7DFDDE
                                                                                                                              SHA-256:C451715351632275970F043059C68EA9909A495E73D57B1AED36329DE9F09B20
                                                                                                                              SHA-512:F7ED3EFA7571041D2AAA602332318A64B57CE4BA07C5839B14CD1479A4DF321924D1AA5444AB8FE7D02858018696FD8CD571C36F893B606FB30E77258971940D
                                                                                                                              Malicious:false
                                                                                                                              Preview:bing.com..c1.microsoft.com..google.com..microsoft.com..
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):245
                                                                                                                              Entropy (8bit):4.2187986967942805
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:I6DRnGNKyZCvM30eDKyZTeToj5K4YIKZ8x:I6DRnGNT0EXZTekj5o9ZI
                                                                                                                              MD5:F64C612CF669E719DFABC162FBDD61E5
                                                                                                                              SHA1:A3018CAAD39AB800F8F7E5DF6B7DE136E873E5D6
                                                                                                                              SHA-256:A193F2EBA15CEF7FE439E4F0292AF90BD46EEE89730BD390E04C365F3E62DEB4
                                                                                                                              SHA-512:62922CE844B4B4285D6EB30B7515FC0F1C6552D5825AAA33D2D9CDC091D68CFD503C2D521BC3E26765DF0600652487532F9CE8AB788F9931BF1CDD7BD045CEC2
                                                                                                                              Malicious:false
                                                                                                                              Preview:google.com..gmail.com..youtube.com..aol.com..bing.com..yahoo.com..login.live..outlook.com..microsoft.com..twitter.com..facebook.com..instagram.com..linkedin.com..paypal.com..netflix.com..fatmedia.io..doubleclick.net..clarity.ms..pchelpsoft.com..
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1050
                                                                                                                              Entropy (8bit):4.544556686156469
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:KqxHibUFGQSU6ifMyQW6wGtTwpTdTiToZT+T6rLTA:KqxHI4l2woTcTdTiTUT+T6rLTA
                                                                                                                              MD5:82B0C12AFC82BB2CE9FE25055032012A
                                                                                                                              SHA1:C1686583E644F810495B49FFDDE585AB53F5AE1E
                                                                                                                              SHA-256:C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
                                                                                                                              SHA-512:EA825B3E8D3877E94FE3F6D14026E9C45F4F4B4CFF7FDDA7E935A23456289D8891D234AD0E72A04ACED9D0A79610C94C270CC073E82FA2564FAC41551C95684B
                                                                                                                              Malicious:false
                                                                                                                              Preview:bhsffnfou>Bhsffnfout..bhsffnfout>Bhsffnfout..cfofgjdjbsjft>Bhsffnfout..cfofgjdjbsz>Bhsffnfout..dpousbdut>Bhsffnfout..dpousbdu>Bhsffnfout..dpogjefoujbm>Bhsffnfout..mbtu!xjmm!boe!uftubnfou>Bhsffnfout..mbtu!xjmm>Bhsffnfout..cboljoh>Gjobodjbm..cbolt>Gjobodjbm..cbol>Gjobodjbm..cvehfufe>Gjobodjbm..cvehfut>Gjobodjbm..cvehfu>Gjobodjbm..efcut>Gjobodjbm..efcu>Gjobodjbm..gvoe>Gjobodjbm..qbzdifdlt>Gjobodjbm..qbzdifdl>Gjobodjbm..ubyft>Gjobodjbm..uby>Gjobodjbm..dsfeju!dbset>Gjobodjbm..dsfeju!dbse>Gjobodjbm..ejsfdu!efqptjut>Gjobodjbm..ejsfdu!efqptju>Gjobodjbm..OOOO.OOOO.OOOO.OOOO>Gjobodjbm..OOOO!OOOO!OOOO!OOOO>Gjobodjbm..OOOO!OOOOOO!OOOOO>Gjobodjbm..OOOO.OOOOOO.OOOOO>Gjobodjbm..OOO.OO.OOOO>Gjobodjbm..OOO!OO!OOOO>Gjobodjbm..21:6.b>Gjobodjbm..2151>Gjobodjbm..21::>Gjobodjbm..21:9>Gjobodjbm..x.5>Gjobodjbm..x.3>Gjobodjbm..l.2>Gjobodjbm..x5>Gjobodjbm..x3>Gjobodjbm..l2>Gjobodjbm..qbttxpset>QfstpobmJEt..qbttxpse>QfstpobmJEt..tpdjbm!tfdvsjuz>QfstpobmJEt..tto>QfstpobmJEt..esjwfs!mjdfotft>QfstpobmJEt..esjwfs!mj
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4351
                                                                                                                              Entropy (8bit):4.401618076790458
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:kxXH+TBvERKDzCxLg+lQm+zHj6DnojA4MCBhqmhEWl7GMCdM9:kReFE0DzgMn3zD6DnomCZhEWl7GMGe
                                                                                                                              MD5:023938522A2335379044391C1B83656A
                                                                                                                              SHA1:1761B2DCADB48689C7C052393490043E050E5FEA
                                                                                                                              SHA-256:66AAE467EF3636628B6EB4C4DC2E210990BB6440653CC3AAFB7800B89A8DA1EC
                                                                                                                              SHA-512:0F88726EE74A9D51DFD888120D0E0DC1C66949374388EF4A394B4A2CD59056DBADA68FE75929F4374B4441CFD8B8100E5EDFAAA2982DBA9F02D0322F1D1DD389
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):164
                                                                                                                              Entropy (8bit):4.3701618647560885
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:qVoB3tUROGsIEC3vXboAcMBXqWSH1yIECglIVLLP61IwcWWGu:q43tICIESXiMIWvIEplI5LP8IpfGu
                                                                                                                              MD5:F23C4815ECAEF1588F16AC735C0E15D6
                                                                                                                              SHA1:026BF8CDD5076014B6FC822878E0086EB44DA556
                                                                                                                              SHA-256:43A81FB3D47B34E7D42D6B8444F592ED9251B8E57DB8F67D32419AA40B1480D0
                                                                                                                              SHA-512:BDD9D53DAE95A0927D1A6658E730ADDC9C65895EB8EAE73D5261BB0A3A5EA9835C973EABFB2B9BAC2B4FF068AC98E039E1771EC6C6D890CD995A64A6E667A665
                                                                                                                              Malicious:false
                                                                                                                              Preview:<html>..<head><title>308 Permanent Redirect</title></head>..<body>..<center><h1>308 Permanent Redirect</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3022000, file counter 1, database pages 495, cookie 0x21, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2027520
                                                                                                                              Entropy (8bit):6.455432598483356
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:xKaOirx5nZSp0LzifuUPLdDw59bnCqDgEShLMCgktSVvIQ/w+8/FsIYcyjyoo98s:e3HWs
                                                                                                                              MD5:F097FF20569DA8E7FDBA3EF036779A37
                                                                                                                              SHA1:DE0B86B0AF89EC856FF5D453A2737F1A138E5779
                                                                                                                              SHA-256:4980FF6C28C98262DD009FB755B8A572BC23D62CE902F46D8B2B862441E0E821
                                                                                                                              SHA-512:9200FEFCE08E5D1E8AF63F4F63470E6CAC576499DE53D905236D4F45062BD45F2F0ADB05508D51CF7327B1E85884E81315C611C716D7E3E4E0AF100892D7F057
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3022000, file counter 1, database pages 495, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2027520
                                                                                                                              Entropy (8bit):6.455430344771934
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:8KaOirx5nZSp0LzifuUPLdDw59bnCqDgEShLMCgktSVvIQ/w+8/FsIYcyjyoo98s:v3HWs
                                                                                                                              MD5:397E1DB7F2634D04351CDF7AEF4E2CDA
                                                                                                                              SHA1:AB14CEC3A983ACA78D4F64A5978857F30C928D08
                                                                                                                              SHA-256:BB4FCAD8CFA99033A038B206CD1EA156ADF270A45B194DE7D182843718497D0F
                                                                                                                              SHA-512:A0E3D6FAF9606692E83CC496BEFCF7B6A3A1FD2DBF127059E9FFD373EB96CCE66FDD3EA171F3D9393424508920BEF197D81A28C27777D60E4273B5976059A394
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3022000, file counter 1, database pages 495, cookie 0x22, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2027520
                                                                                                                              Entropy (8bit):6.455432857476665
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:yKaOirx5nZSp0LzifuUPLdDw59bnCqDgEShLMCgktSVvIQ/w+8/FsIYcyjyoo98s:V3HWs
                                                                                                                              MD5:C2B14973022611282DAF3AF53BD0AD16
                                                                                                                              SHA1:729CFA49990B34177E999E446A35E3EC1093D2F6
                                                                                                                              SHA-256:C6743A69C6FF4B284FC5A707060C8A04C9CDEA0D3EAD9A1184403D333576781D
                                                                                                                              SHA-512:EB0E3D4A72B89961CFA76F4F88E157602930AD7D8F12D1A6FFB86127EC03D10E740115DEF2F68483BDA2EE768F3680A8405E26DD24C53256456305CF2400CE8A
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3022000, file counter 1, database pages 495, cookie 0x23, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2027520
                                                                                                                              Entropy (8bit):6.4554324291266765
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:XKaOirx5nZSp0LzifuUPLdDw59bnCqDgEShLMCgktSVvIQ/w+8/FsIYcyjyoo98s:U3HWs
                                                                                                                              MD5:8FA83EB0E8F9C82CC95B8DAFE486897B
                                                                                                                              SHA1:B05D30797FDFB4624F9F16959BC67A2EADC846A7
                                                                                                                              SHA-256:3E63EF8C82EB4E00925EF00378FDB82563008071027AC8BA01084A2F7DE316B2
                                                                                                                              SHA-512:7B270805B342C85933126CD0CADF585FFC5DEC46EB510E87B8C74A09C9A1C9B40F448C140A1E412B721ED49A7464FE61C8C42F418FCD87DBA6867B60517BA3EB
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PC bitmap, Windows 3.x format, 455 x 56 x 24, image size 76608, resolution 2834 x 2834 px/m, cbSize 76662, bits offset 54
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):76662
                                                                                                                              Entropy (8bit):1.6870051138267081
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:NhfAGpUbs/Q8NgEuDprt2blv/VAw2RTao/jpGZDvUij:NmGpU2Q8NgEG9t2Zv9eRt/NF+
                                                                                                                              MD5:4E2EE28B4E87193919ED0CA8CACF1093
                                                                                                                              SHA1:7723051F85E2C0E09967A35E0737FB0D41DFDD0E
                                                                                                                              SHA-256:9B1509867DBAD1CA41D718BA7D1BD3EE799BDC165C38088BB807B34EDB7BB838
                                                                                                                              SHA-512:3B0B64320EACB23DEC0C5A23A1E3958D7ED10775B79DF4FB98F9D164E175727D9945F95A24DD9477A1DAAF44B79326D25D64300C128842176FD7C4184DD2D20A
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6144
                                                                                                                              Entropy (8bit):4.720366600008286
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3204968
                                                                                                                              Entropy (8bit):6.335379144440448
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:HEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY21:b92bz2Eb6pd7B6bAGx7s333TD
                                                                                                                              MD5:CCCE5E18D7E151BBFB8592DCB09AF84B
                                                                                                                              SHA1:5917A85D9D6EF21D51C8DBCF5BF88BE8DF8B690C
                                                                                                                              SHA-256:171D6009023E968B888D82E5EEA3128477EB6FBE3FAAAA3B98195706433622AD
                                                                                                                              SHA-512:42CA97DB03B90F0C3506292C272C680119A68E35FDB9B928567A4D59E520AB05338935B5C321AA93BBC3DF53EFA9651752DAED48132F71357855A439A67E1E14
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1.....v.1...@......@....................-......p-.29....-...............0.h)....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):49019
                                                                                                                              Entropy (8bit):2.638181717954847
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:877uuuuuuuZZZZZZZZZbAbAbAbAbAbAbAbAbA/////////CCCCCCCCC88888888H:8PeeeeeeeeNLfC/TWorrl
                                                                                                                              MD5:0DD2226BF23FC7461A7A2E2C51CDA733
                                                                                                                              SHA1:B4D42DC10367ADAABC83A97D1B6949B5C0C615C1
                                                                                                                              SHA-256:FD0BBBCE86E10E89DD82C69C16FCFC8FB544D24199F18CC68AD45ECDF078516E
                                                                                                                              SHA-512:D5877987E7B063895A2FE5C1A8BC70B26020E62594B981EF5B11DD9C2EACDD90F6535288E2245F66DD74651F418F931B9E5C8B55668A1EF1A976D8B756370337
                                                                                                                              Malicious:false
                                                                                                                              Preview:24/04/2024 12:31:15 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:15 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:14 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:13 [Timer]: --------------------------- Tick ------------------------------- ..24/04/2024 12:31:13 [Timer]: -----------
                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 24 09:30:11 2024, mtime=Wed Apr 24 09:30:11 2024, atime=Wed Apr 3 10:32:12 2024, length=10560360, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1099
                                                                                                                              Entropy (8bit):4.617776276917252
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:8mOoIU6EFdOEHSRw5zOm78AOk/NYdnmJWdnm5UUTGfqyFm:8mOQtFdOr0zOk7OJdnwWdnvUxyF
                                                                                                                              MD5:BEC9AD0637FDEAFD24DCED206BB9A36B
                                                                                                                              SHA1:6F22458E1431E71D9244DD316564946D2EEE047E
                                                                                                                              SHA-256:2AC75941A4E2DF75D1614C786D14270B56C31F83F7C892E256569BED34E2F76D
                                                                                                                              SHA-512:1EB1E5A4D81A65377C0C3D1E091B83E2303AC14C8EA3FEDB7652B76114DD94D3A395131223BFD7AEAC38EDE38B12C07E7BFEA3D59A199BF337E30AB6CBA3917D
                                                                                                                              Malicious:false
                                                                                                                              Preview:L..................F.... ...X..c2....oDc2...........h#...........................P.O. .:i.....+00.../C:\.....................1......X.S..PROGRA~2.........O.I.X.S....................V......f..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1......X.S..PCCLEA~1..F......X.S.X.S....a......................j..P.C. .C.l.e.a.n.e.r.....h.2.h#...X.\ .PCCLEA~1.EXE..L......X.S.X.S..............................P.C.C.l.e.a.n.e.r...e.x.e.......^...............-.......]..............,.....C:\Program Files (x86)\PC Cleaner\PCCleaner.exe..5.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .C.l.e.a.n.e.r.\.P.C.C.l.e.a.n.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .C.l.e.a.n.e.r.........*................@Z|...K.J.........`.......X.......301389...........hT..CrF.f4... ..~T..b...,.......hT..CrF.f4... ..~T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.
                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Entropy (8bit):7.947291301779641
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                              • Inno Setup installer (109748/4) 1.08%
                                                                                                                              • InstallShield setup (43055/19) 0.42%
                                                                                                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                              File name:SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
                                                                                                                              File size:7'867'760 bytes
                                                                                                                              MD5:199e8896119bd3fc3850e9b19eb98ab2
                                                                                                                              SHA1:b20795b8b98641cd1f3f79767ca2479d81af2a7e
                                                                                                                              SHA256:36c6dceee32c61fa35e3d2bc6699ca7d6fc0eee903f82876e1e1049d4b52e600
                                                                                                                              SHA512:c79753ef606c333df5ae974814bec434a0ba872a85cbe98e037700005caa8f3eab616556013099682c4a026f45ca5ceab53ade40f5674b7be73661609c325247
                                                                                                                              SSDEEP:196608:dUJl7//t1epn/0ZnbfMSYseYy7c7FsnTum:Sn//tc4bf7YaHunTV
                                                                                                                              TLSH:9186233FF268A13EC46A0B3245B39750897B7A65A81A8C2F03FC754DCF765600E3B656
                                                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                              Icon Hash:0c0c2d33ceec80aa
                                                                                                                              Entrypoint:0x4b5eec
                                                                                                                              Entrypoint Section:.itext
                                                                                                                              Digitally signed:true
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:6
                                                                                                                              OS Version Minor:1
                                                                                                                              File Version Major:6
                                                                                                                              File Version Minor:1
                                                                                                                              Subsystem Version Major:6
                                                                                                                              Subsystem Version Minor:1
                                                                                                                              Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                              Signature Valid:true
                                                                                                                              Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                              Error Number:0
Not Before:12/05/2022 22:22:42
Not After:03/08/2024 19:15:28
Subject Chain:E=mark@pchelpsoft.com, CN=PC HELPSOFT LABS INC., OU=Software, O=PC HELPSOFT LABS INC., STREET=301-3450 Uptown Blvd., L=Victoria, S=British Columbia, C=CA, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA, SERIALNUMBER=BC0884553, OID.2.5.4.15=Private Organization
                                                                                                                              Version:3
                                                                                                                              Thumbprint MD5:ADACF2779EBBDDB4172EFF2997E31865
                                                                                                                              Thumbprint SHA-1:B91A4928B33017B977E5D6D645ECA0E7B221602D
                                                                                                                              Thumbprint SHA-256:FE62938EE8419B9145AAA2CD8FA6DF707F8716C023FB7925936BCD7EAC20FB18
                                                                                                                              Serial:0155B8402DADB2C49A382A58
                                                                                                                              Instruction
                                                                                                                              push ebp
                                                                                                                              mov ebp, esp
                                                                                                                              add esp, FFFFFFA4h
                                                                                                                              push ebx
                                                                                                                              push esi
                                                                                                                              push edi
                                                                                                                              xor eax, eax
                                                                                                                              mov dword ptr [ebp-3Ch], eax
                                                                                                                              mov dword ptr [ebp-40h], eax
                                                                                                                              mov dword ptr [ebp-5Ch], eax
                                                                                                                              mov dword ptr [ebp-30h], eax
                                                                                                                              mov dword ptr [ebp-38h], eax
                                                                                                                              mov dword ptr [ebp-34h], eax
                                                                                                                              mov dword ptr [ebp-2Ch], eax
                                                                                                                              mov dword ptr [ebp-28h], eax
                                                                                                                              mov dword ptr [ebp-14h], eax
                                                                                                                              mov eax, 004B10F0h
                                                                                                                              call 00007FCBA8EA2485h
                                                                                                                              xor eax, eax
                                                                                                                              push ebp
                                                                                                                              push 004B65E2h
                                                                                                                              push dword ptr fs:[eax]
                                                                                                                              mov dword ptr fs:[eax], esp
                                                                                                                              xor edx, edx
                                                                                                                              push ebp
                                                                                                                              push 004B659Eh
                                                                                                                              push dword ptr fs:[edx]
                                                                                                                              mov dword ptr fs:[edx], esp
                                                                                                                              mov eax, dword ptr [004BE634h]
                                                                                                                              call 00007FCBA8F44BAFh
                                                                                                                              call 00007FCBA8F44702h
                                                                                                                              lea edx, dword ptr [ebp-14h]
                                                                                                                              xor eax, eax
                                                                                                                              call 00007FCBA8EB7EF8h
                                                                                                                              mov edx, dword ptr [ebp-14h]
                                                                                                                              mov eax, 004C1D84h
                                                                                                                              call 00007FCBA8E9D077h
                                                                                                                              push 00000002h
                                                                                                                              push 00000000h
                                                                                                                              push 00000001h
                                                                                                                              mov ecx, dword ptr [004C1D84h]
                                                                                                                              mov dl, 01h
                                                                                                                              mov eax, dword ptr [004237A4h]
                                                                                                                              call 00007FCBA8EB8F5Fh
                                                                                                                              mov dword ptr [004C1D88h], eax
                                                                                                                              xor edx, edx
                                                                                                                              push ebp
                                                                                                                              push 004B654Ah
                                                                                                                              push dword ptr fs:[edx]
                                                                                                                              mov dword ptr fs:[edx], esp
                                                                                                                              call 00007FCBA8F44C37h
                                                                                                                              mov dword ptr [004C1D90h], eax
                                                                                                                              mov eax, dword ptr [004C1D90h]
                                                                                                                              cmp dword ptr [eax+0Ch], 01h
                                                                                                                              jne 00007FCBA8F4B21Ah
                                                                                                                              mov eax, dword ptr [004C1D90h]
                                                                                                                              mov edx, 00000028h
                                                                                                                              call 00007FCBA8EB9854h
                                                                                                                              mov edx, dword ptr [004C1D90h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x10e00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x77e408 | 0x2968 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb361c | 0xb3800 | ad6e46e3a3acdb533eb6a077f6d065af | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | d40fc822339d01f2abcc5493ac101c94 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | 4c195d5591f6d61265df08a3733de3a2 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xf36 | 0x1000 | a73d686f1e8b9bb06ec767721135e397 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 41b8ce23dd243d14beebc71771885c89 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 37c1a5c63717831863e018c0f51dabb7 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x10e00 | 0x10e00 | a3bec3796aeb3463e250eb0af3488757 | False | 0.1885271990740741 | data | 3.711816290742972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc7678 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2048 | English | United States | 0.1174924924924925
RT_ICON | 0xc80e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.15792682926829268
RT_ICON | 0xc8748 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.23387096774193547
RT_ICON | 0xc8a30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.39864864864864863
RT_ICON | 0xc8b58 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.08339210155148095
RT_ICON | 0xca180 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.1023454157782516
RT_ICON | 0xcb028 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.10649819494584838
RT_ICON | 0xcb8d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.10838150289017341
RT_ICON | 0xcbe38 | 0x12e5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.8712011577424024
RT_ICON | 0xcd120 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.05668398677373642
RT_ICON | 0xd1348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08475103734439834
RT_ICON | 0xd38f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.09920262664165103
RT_ICON | 0xd4998 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2047872340425532
RT_STRING | 0xd4e00 | 0x360 | data | | | 0.34375
RT_STRING | 0xd5160 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xd53c0 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xd581c | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xd5c28 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xd5efc | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xd5fb4 | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xd6050 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xd63c4 | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xd675c | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xd6ac4 | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xd6d68 | 0x10 | data | | | 1.5
RT_RCDATA | 0xd6d78 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xd703c | 0x2c | data | | | 1.25
RT_GROUP_ICON | 0xd7068 | 0xbc | data | English | United States | 0.6170212765957447
RT_VERSION | 0xd7124 | 0x584 | data | English | United States | 0.26558073654390935
RT_MANIFEST | 0xd76a8 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4005464480874317
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454060
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                              Apr 24, 2024 12:30:19.496216059 CEST49734443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.496709108 CEST49734443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.496722937 CEST44349734116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:19.496829987 CEST49734443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.496835947 CEST44349734116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:19.534997940 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.535046101 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:19.535120964 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.536201000 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:19.536218882 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:20.150305033 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:20.150480986 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:20.151654959 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:20.151669025 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:20.151995897 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:20.153670073 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:20.153860092 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:20.153866053 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.386789083 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:24.386826992 CEST4434974418.239.199.80192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.386884928 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:24.394032955 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:24.394052982 CEST4434974418.239.199.80192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.406816006 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:24.578546047 CEST8049745108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.578670979 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:24.608927011 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:24.761686087 CEST4434974418.239.199.80192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.761770964 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:24.779093027 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:24.779146910 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.779230118 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:24.780190945 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:24.780213118 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.780550957 CEST8049745108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.870918036 CEST8049745108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:24.925398111 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:25.038111925 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:25.120368004 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.120477915 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.209734917 CEST8049745108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.209803104 CEST4974580192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:25.397252083 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.397303104 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.398313046 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.398401976 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.400712013 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.444132090 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.629127026 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.629220963 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.629251003 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.629267931 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.629303932 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.629317045 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.655920029 CEST49746443192.168.2.4172.67.73.195
                                                                                                                              Apr 24, 2024 12:30:25.655996084 CEST44349746172.67.73.195192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.690212965 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:25.690243959 CEST4434974418.239.199.80192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.690402031 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:25.690478086 CEST4434974418.239.199.80192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.690536976 CEST49744443192.168.2.418.239.199.80
                                                                                                                              Apr 24, 2024 12:30:25.794332981 CEST4975380192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:25.812592030 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:25.812622070 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.812747002 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:25.813215017 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:25.813236952 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.966120005 CEST8049753108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:25.966274977 CEST4975380192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:25.966451883 CEST4975380192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:26.138273954 CEST8049753108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.145030975 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.145119905 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.154184103 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.154232025 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.155004978 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.155085087 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.155459881 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.196130991 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.233896017 CEST8049753108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.234075069 CEST4975380192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:26.405776024 CEST8049753108.138.246.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.405836105 CEST4975380192.168.2.4108.138.246.21
                                                                                                                              Apr 24, 2024 12:30:26.576194048 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576273918 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576311111 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576350927 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576358080 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576405048 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576411963 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576455116 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576492071 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576587915 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576595068 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576638937 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.576641083 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576692104 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.576988935 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.577007055 CEST44349754104.26.1.116192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.577016115 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.577079058 CEST49754443192.168.2.4104.26.1.116
                                                                                                                              Apr 24, 2024 12:30:26.947177887 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:26.947217941 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:26.947304964 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:26.947597980 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:26.947611094 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.427881956 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.427966118 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.431741953 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.431757927 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.431993008 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.440557957 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.488131046 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.736733913 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.736799002 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.736876965 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.736959934 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.736959934 CEST49756443192.168.2.4104.16.148.130
                                                                                                                              Apr 24, 2024 12:30:27.737000942 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.737025976 CEST44349756104.16.148.130192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.894870043 CEST49759443192.168.2.4216.239.32.21
                                                                                                                              Apr 24, 2024 12:30:27.894938946 CEST44349759216.239.32.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:27.895315886 CEST49759443192.168.2.4216.239.32.21
                                                                                                                              Apr 24, 2024 12:30:27.895598888 CEST49759443192.168.2.4216.239.32.21
                                                                                                                              Apr 24, 2024 12:30:27.895625114 CEST44349759216.239.32.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.142255068 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.142465115 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.142538071 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.142574072 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.142594099 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.142622948 CEST49735443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.142637968 CEST44349735116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.162076950 CEST49760443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.162117004 CEST44349760116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.162179947 CEST49760443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.162477016 CEST49760443192.168.2.4116.203.251.147
                                                                                                                              Apr 24, 2024 12:30:28.162487984 CEST44349760116.203.251.147192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.267402887 CEST44349759216.239.32.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.267489910 CEST49759443192.168.2.4216.239.32.21
                                                                                                                              Apr 24, 2024 12:30:28.271244049 CEST49759443192.168.2.4216.239.32.21
                                                                                                                              Apr 24, 2024 12:30:28.271255970 CEST44349759216.239.32.21192.168.2.4
                                                                                                                              Apr 24, 2024 12:30:28.271550894 CEST44349759216.239.32.21192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 12:30:15.122832060 CEST | 192.168.2.4 | 1.1.1.1 | 0x81fa | Standard query (0) | collect.avqtools.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:23.967916965 CEST | 192.168.2.4 | 1.1.1.1 | 0xaac8 | Standard query (0) | offers.playanext.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:23.993033886 CEST | 192.168.2.4 | 1.1.1.1 | 0x5ad9 | Standard query (0) | api.playanext.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.615685940 CEST | 192.168.2.4 | 1.1.1.1 | 0xd75e | Standard query (0) | pchelpsoft.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.656961918 CEST | 192.168.2.4 | 1.1.1.1 | 0x71b8 | Standard query (0) | www.pchelpsoft.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:26.777318954 CEST | 192.168.2.4 | 1.1.1.1 | 0x64e1 | Standard query (0) | partner-tracking.lavasoft.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:27.739509106 CEST | 192.168.2.4 | 1.1.1.1 | 0x453e | Standard query (0) | cloud.pchelpsoft.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.539498091 CEST | 192.168.2.4 | 1.1.1.1 | 0x5509 | Standard query (0) | cloud.pchelpsoft.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 12:30:15.462804079 CEST | 1.1.1.1 | 192.168.2.4 | 0x81fa | No error (0) | collect.avqtools.com | | 116.203.251.147 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.157649994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaac8 | No error (0) | offers.playanext.com | b217xlnyk0.execute-api.us-west-2.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:30:24.157649994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaac8 | No error (0) | b217xlnyk0.execute-api.us-west-2.amazonaws.com | | 18.239.199.80 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.157649994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaac8 | No error (0) | b217xlnyk0.execute-api.us-west-2.amazonaws.com | | 18.239.199.10 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.157649994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaac8 | No error (0) | b217xlnyk0.execute-api.us-west-2.amazonaws.com | | 18.239.199.78 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.157649994 CEST | 1.1.1.1 | 192.168.2.4 | 0xaac8 | No error (0) | b217xlnyk0.execute-api.us-west-2.amazonaws.com | | 18.239.199.20 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.190610886 CEST | 1.1.1.1 | 192.168.2.4 | 0x5ad9 | No error (0) | api.playanext.com | d1atxff5avezsq.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 12:30:24.190610886 CEST | 1.1.1.1 | 192.168.2.4 | 0x5ad9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 108.138.246.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.190610886 CEST | 1.1.1.1 | 192.168.2.4 | 0x5ad9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 108.138.246.41 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.190610886 CEST | 1.1.1.1 | 192.168.2.4 | 0x5ad9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 108.138.246.91 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.190610886 CEST | 1.1.1.1 | 192.168.2.4 | 0x5ad9 | No error (0) | d1atxff5avezsq.cloudfront.net | | 108.138.246.17 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.772074938 CEST | 1.1.1.1 | 192.168.2.4 | 0xd75e | No error (0) | pchelpsoft.com | | 172.67.73.195 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.772074938 CEST | 1.1.1.1 | 192.168.2.4 | 0xd75e | No error (0) | pchelpsoft.com | | 104.26.1.116 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:24.772074938 CEST | 1.1.1.1 | 192.168.2.4 | 0xd75e | No error (0) | pchelpsoft.com | | 104.26.0.116 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.811826944 CEST | 1.1.1.1 | 192.168.2.4 | 0x71b8 | No error (0) | www.pchelpsoft.com | | 104.26.1.116 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.811826944 CEST | 1.1.1.1 | 192.168.2.4 | 0x71b8 | No error (0) | www.pchelpsoft.com | | 104.26.0.116 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:25.811826944 CEST | 1.1.1.1 | 192.168.2.4 | 0x71b8 | No error (0) | www.pchelpsoft.com | | 172.67.73.195 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:26.946480989 CEST | 1.1.1.1 | 192.168.2.4 | 0x64e1 | No error (0) | partner-tracking.lavasoft.com | | 104.16.148.130 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:26.946480989 CEST | 1.1.1.1 | 192.168.2.4 | 0x64e1 | No error (0) | partner-tracking.lavasoft.com | | 104.16.149.130 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:27.894128084 CEST | 1.1.1.1 | 192.168.2.4 | 0x453e | No error (0) | cloud.pchelpsoft.com | | 216.239.32.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:27.894128084 CEST | 1.1.1.1 | 192.168.2.4 | 0x453e | No error (0) | cloud.pchelpsoft.com | | 216.239.36.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:27.894128084 CEST | 1.1.1.1 | 192.168.2.4 | 0x453e | No error (0) | cloud.pchelpsoft.com | | 216.239.34.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:27.894128084 CEST | 1.1.1.1 | 192.168.2.4 | 0x453e | No error (0) | cloud.pchelpsoft.com | | 216.239.38.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.693207026 CEST | 1.1.1.1 | 192.168.2.4 | 0x5509 | No error (0) | cloud.pchelpsoft.com | | 216.239.32.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.693207026 CEST | 1.1.1.1 | 192.168.2.4 | 0x5509 | No error (0) | cloud.pchelpsoft.com | | 216.239.34.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.693207026 CEST | 1.1.1.1 | 192.168.2.4 | 0x5509 | No error (0) | cloud.pchelpsoft.com | | 216.239.38.21 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 12:30:40.693207026 CEST | 1.1.1.1 | 192.168.2.4 | 0x5509 | No error (0) | cloud.pchelpsoft.com | | 216.239.36.21 | A (IP address) | IN (0x0001) | false
                                                                                                                              • collect.avqtools.com
                                                                                                                              • pchelpsoft.com
                                                                                                                              • www.pchelpsoft.com
                                                                                                                              • partner-tracking.lavasoft.com
                                                                                                                              • cloud.pchelpsoft.com
                                                                                                                              • api.playanext.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49745 | 108.138.246.21 | 80 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:30:24.608927011 CEST | 553 | OUT | POST /httpapi HTTP/1.1
                                                                                                                              Host: api.playanext.com
                                                                                                                              Accept: */*
                                                                                                                              Content-Length: 419
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Data Ascii: api_key=e8OFglPlUwaUQYg9khHR89x9FrE1f7m1387hQEIj&event=%5b%7b%22event_properties%22%3a%7b%22distributor%22%3a%22%22%2c%22distributor_product%22%3a%22%22%2c%22method_used%22%3a%22Initialize%22%2c%22offer_product%22%3a%22%22%2c%22source%22%3a%22PlayaSDK%20C%2b%2b%20v1.7.3%22%2c%22user_country%22%3a%22%22%7d%2c%22event_type%22%3a%22cpp_sdk_startup%22%2c%22ip%22%3a%22%24remote%22%2c%22session_id%22%3a1713960062019%7d%5d
Apr 24, 2024 12:30:24.870918036 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                              Content-Type: application/json
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: keep-alive
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:24 GMT
                                                                                                                              x-amzn-RequestId: 323b98a1-5356-4b21-ba7c-d47045031ff9
                                                                                                                              x-amz-apigw-id: WufSKG0bIAMEbAQ=
                                                                                                                              X-Amzn-Trace-Id: Root=1-6628df40-7f9a38703524e87e232a7924;Parent=4b3095d85536d7a0;Sampled=0;lineage=d7502c8f:0
                                                                                                                              Via: 1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront), 1.1 5c9c18dc3f70d2dc4a380b2b87c39e4a.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: SFO53-P5
                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                              X-Amz-Cf-Pop: SFO5-P1
                                                                                                                              X-Amz-Cf-Id: tSScp69MZsMq4V3BH0vin0bkcoOt8ENvkzjiBZvKQV9_5dOT_XQuaQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49753 | 108.138.246.21 | 80 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 12:30:25.966451883 CEST | 819 | OUT | POST /httpapi HTTP/1.1
                                                                                                                              Host: api.playanext.com
                                                                                                                              Accept: */*
                                                                                                                              Content-Length: 685
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Data Ascii: api_key=e8OFglPlUwaUQYg9khHR89x9FrE1f7m1387hQEIj&event=%5b%7b%22event_properties%22%3a%7b%22distributor%22%3a%22%22%2c%22distributor_product%22%3a%22%22%2c%22error_code%22%3a%22OFFER_API_FAILURE%22%2c%22error_description%22%3a%22Code%3a%2035%3b%20Error%20string%3a%20schannel%3a%20next%20InitializeSecurityContext%20failed%3a%20Unknown%20error%20%280x80092012%29%20-%20The%20revocation%20function%20was%20unable%20to%20check%20revocation%20for%20the%20certificate.%22%2c%22offer_product%22%3a%22%22%2c%22source%22%3a%22PlayaSDK%20C%2b%2b%20v1.7.3%22%2c%22user_country%22%3a%22%22%7d%2c%22event_type%22%3a%22error%22%2c%22ip%22%3a%22%24remote%22%2c%22session_id%22%3a1713960062019%7d%5d
Apr 24, 2024 12:30:26.233896017 CEST | 619 | IN | HTTP/1.1 200 OK
                                                                                                                              Content-Type: application/json
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: keep-alive
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:26 GMT
                                                                                                                              x-amzn-RequestId: f6305537-9976-4fda-ba58-b1b1455642d9
                                                                                                                              x-amz-apigw-id: WufSXHj7oAMEGnQ=
                                                                                                                              X-Amzn-Trace-Id: Root=1-6628df42-0383bf7453443aec72cfcdad;Parent=4a9b765ad621298f;Sampled=0;lineage=d7502c8f:0
                                                                                                                              Via: 1.1 00980881c14af16ba44a5b402a52c1fc.cloudfront.net (CloudFront), 1.1 c858fcd4941dcc58025e22f092b26c28.cloudfront.net (CloudFront)
                                                                                                                              X-Amz-Cf-Pop: SFO53-P5
                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                              X-Amz-Cf-Pop: SFO5-P1
                                                                                                                              X-Amz-Cf-Id: tsfE8mLM7pChA0XRs2aMXhTG_NSeda59tsOsJz2PzXMacYhIxuQu4A==


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              0 | 192.168.2.4 | 49733 | 116.203.251.147 | 443 | 7380 | C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:16 UTC | 207 | OUT | POST /api/collect HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                                                                                              User-Agent: Embarcadero URI Client/1.0
                                                                                                                              Content-Length: 353
                                                                                                                              Host: collect.avqtools.com
                                                                                                                              2024-04-24 10:30:16 UTC | 353 | OUT | Data Ascii: json=%7B%22category%22%3A%22active_users%22%2C%22hid%22%3A%229D4E70F93C60FA8BC2A1DC702AD7ECE3%22%2C%22program%22%3A%22PC+Cleaner%22%2C%22version%22%3A%229604%22%2C%22language%22%3A%22en%22%2C%22registered%22%3A%220%22%2C%22subscription_type%22%3A%22%22%2C
                                                                                                                              2024-04-24 10:30:17 UTC | 418 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: nginx/1.16.1
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:17 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                              pragma: no-cache
                                                                                                                              expires: -1
                                                                                                                              X-RateLimit-Limit: 6000
                                                                                                                              X-RateLimit-Remaining: 4834
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              2024-04-24 10:30:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              1 | 192.168.2.4 | 49734 | 116.203.251.147 | 443 | 7380 | C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:18 UTC | 119 | OUT | GET /debug.txt HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              User-Agent: Embarcadero URI Client/1.0
                                                                                                                              Host: collect.avqtools.com
                                                                                                                              2024-04-24 10:30:19 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: nginx/1.16.1
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:19 GMT
                                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                                              Content-Length: 11
                                                                                                                              Connection: close
                                                                                                                              Last-Modified: Wed, 17 Jan 2024 18:16:16 GMT
                                                                                                                              ETag: "65a81970-b"
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              2024-04-24 10:30:19 UTC | 11 | IN | Data Raw: 39 35 31 30 72 65 67 32 30 32 33
                                                                                                                              Data Ascii: 9510reg2023


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              2 | 192.168.2.4 | 49735 | 116.203.251.147 | 443 | 7380 | C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:20 UTC | 207 | OUT | POST /api/collect HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Content-Type: application/x-www-form-urlencoded; charset=utf-8
                                                                                                                              User-Agent: Embarcadero URI Client/1.0
                                                                                                                              Content-Length: 275
                                                                                                                              Host: collect.avqtools.com
                                                                                                                              2024-04-24 10:30:20 UTC | 275 | OUT | Data Ascii: json=%7B%22category%22%3A%22tracker%22%2C%22group%22%3A%22Cleaner%22%2C%22tracker%22%3A%229604%22%2C%22hid%22%3A%229D4E70F93C60FA8BC2A1DC702AD7ECE3%22%2C%22program%22%3A%22PC+Cleaner%22%2C%22version%22%3A%229604%22%2C%22language%22%3A%22en%22%2C%22param%2
                                                                                                                              2024-04-24 10:30:28 UTC | 418 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: nginx/1.16.1
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:27 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                              pragma: no-cache
                                                                                                                              expires: -1
                                                                                                                              X-RateLimit-Limit: 6000
                                                                                                                              X-RateLimit-Remaining: 4366
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              2024-04-24 10:30:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              3 | 192.168.2.4 | 49746 | 172.67.73.195 | 443 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:25 UTC | 222 | OUT | GET /pc-cleaner/install HTTP/1.1
                                                                                                                              Accept: */*
                                                                                                                              Content-Type: application/x-www-form-urlencoded; charset=UTF-8
                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U)
                                                                                                                              Host: pchelpsoft.com
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cache-Control: no-cache
                                                                                                                              2024-04-24 10:30:25 UTC | 598 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:25 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              location: https://www.pchelpsoft.com/pc-cleaner/install
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2FsvT0Q5nb8tACpfotDUq3muIYrJWDaw8ZvWyWHXQgiu3nPge%2FrfliaR3EqDf8ljin8BidL4FeOftS2OlpIGxTN%2BxKJO%2B02a7wEVWExgINk8MKiVh3xl6IJ0tO60i0To"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 87956af93c4931a9-LAX
                                                                                                                              2024-04-24 10:30:25 UTC | 170 | IN | Data Ascii: a4<html><head><title>308 Permanent Redirect</title></head><body><center><h1>308 Permanent Redirect</h1></center><hr><center>nginx</center></body></html>
                                                                                                                              2024-04-24 10:30:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              4 | 192.168.2.4 | 49754 | 104.26.1.116 | 443 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:26 UTC | 162 | OUT | GET /pc-cleaner/install HTTP/1.1
                                                                                                                              Accept: */*
                                                                                                                              User-Agent: Mozilla/5.0 (Windows; U)
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Host: www.pchelpsoft.com
                                                                                                                              2024-04-24 10:30:26 UTC | 637 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:26 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              vary: Accept-Encoding
                                                                                                                              strict-transport-security: max-age=15724800; includeSubDomains
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZYRActNMEfh7SUywP0mdzu%2BmLdwhRABrq6EhZbvBhtCPV15s3QqkUqqtBc4hL%2BfNrWCEAcgcSvjpByNEOUZ4SPEbyRcdgZhToFnqLHWZ7cH3oULNKRSVLNKGs%2BSBdVZYOOPhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 87956aff2b512f1b-LAX
                                                                                                                              2024-04-24 10:30:26 UTC | 732 | IN | Data Ascii: c0b<!DOCTYPE html><html class="en" lang="en" dir="ltr"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="description" content="PC Cleaner will automatically clean your PC
                                                                                                                              2024-04-24 10:30:26 UTC | 1369 | IN | Data Ascii: gleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700;800;900&display=swap"> <link rel="stylesheet" href="https://unpkg.com/swiper@8/swiper-bundle.min.css" /> <script> window.lang = 'en'; window.hostBrowser =
                                                                                                                              2024-04-24 10:30:26 UTC | 989 | IN | Data Ascii: cript type="text/javascript"> (function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createE
                                                                                                                              2024-04-24 10:30:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              5 | 192.168.2.4 | 49756 | 104.16.148.130 | 443 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:27 UTC | 185 | OUT | GET /api/tracking/pccleaner?downloadedDate=2024-04-24T10%3A30%3A06.678Z HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              User-Agent: Embarcadero URI Client/1.0
                                                                                                                              Host: partner-tracking.lavasoft.com
                                                                                                                              2024-04-24 10:30:27 UTC | 412 | IN | HTTP/1.1 204 No Content
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:27 GMT
                                                                                                                              Connection: close
                                                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                              Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                                                                                                              Access-Control-Expose-Headers: Content-Length,Content-Range
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 87956b05fa9e0a01-LAS


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              6 | 192.168.2.4 | 49759 | 216.239.32.21 | 443 | 7436 | C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              2024-04-24 10:30:28 UTC | 200 | OUT | POST /desktop/install_complete HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Content-Type: application/json
                                                                                                                              User-Agent: Mozilla/5.0 (compatible; Indy Library)
                                                                                                                              Content-Length: 147
                                                                                                                              Host: cloud.pchelpsoft.com
                                                                                                                              2024-04-24 10:30:28 UTC | 147 | OUT | Data Ascii: {"src":"DEFAULT_REDIRECT_TRACKING","cmp":"DEFAULT_REDIRECT_TRACKING","mkey1":"DEFAULT_REDIRECT_TRACKING","HostBrowser":"DEFAULT_REDIRECT_TRACKING"}
                                                                                                                              2024-04-24 10:30:28 UTC | 184 | IN | HTTP/1.1 204 No Content
                                                                                                                              Date: Wed, 24 Apr 2024 10:30:28 GMT
                                                                                                                              Content-Type: application/json
                                                                                                                              cache-control: no-cache, no-store, must-revalidate
                                                                                                                              Via: 1.1 google
                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49760 | 116.203.251.147 | 443 | 7380 | C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 10:30:28 UTC | 207 | OUT | POST /api/collect HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: Embarcadero URI Client/1.0
Content-Length: 277
Host: collect.avqtools.com
2024-04-24 10:30:28 UTC | 277 | OUT | Data Ascii: json=%7B%22category%22%3A%22tracker%22%2C%22group%22%3A%22Cleaner%22%2C%22tracker%22%3A%229604%22%2C%22hid%22%3A%229D4E70F93C60FA8BC2A1DC702AD7ECE3%22%2C%22program%22%3A%22PC+Cleaner%22%2C%22version%22%3A%229604%22%2C%22language%22%3A%22en%22%2C%22param%2
2024-04-24 10:30:36 UTC | 418 | IN | HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 24 Apr 2024 10:30:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 6000
X-RateLimit-Remaining: 3989
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
2024-04-24 10:30:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49761 | 104.26.1.116 | 443 | 7380 | C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-24 10:30:36 UTC | 155 | OUT | GET /images/build-phone-banners/phone_activation.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Embarcadero URI Client/1.0
Host: www.pchelpsoft.com
2024-04-24 10:30:37 UTC | 653 | IN | HTTP/1.1 500 Internal Server Error
Date: Wed, 24 Apr 2024 10:30:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/7.2.34
strict-transport-security: max-age=15724800; includeSubDomains
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnMK5tSZoUO1TF897v04Okc7F5IOjVxmnGdrSJFoIjcgoZbGZjqHDDI92D5T9XmZQ3uFuHgOZkWmpQGXIZY8LkMVxwawASiAO0f1VnxfvqMVcNf298wMsUPQL4KcFH5fXM8cOA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87956b4108562ab5-LAX
2024-04-24 10:30:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                              Target ID:0
                                                                                                                              Start time:12:30:07
                                                                                                                              Start date:24/04/2024
                                                                                                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:7'867'760 bytes
                                                                                                                              MD5 hash:199E8896119BD3FC3850E9B19EB98AB2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:1
                                                                                                                              Start time:12:30:07
                                                                                                                              Start date:24/04/2024
                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-HLNI5.tmp\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.tmp" /SL5="$20450,6944918,831488,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5320.27373.27791.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:3'204'968 bytes
                                                                                                                              MD5 hash:CCCE5E18D7E151BBFB8592DCB09AF84B
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 3%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:3
                                                                                                                              Start time:12:30:13
                                                                                                                              Start date:24/04/2024
                                                                                                                              Path:C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:5'092'712 bytes
                                                                                                                              MD5 hash:FFCD8953CCB602777CE77EF08F6368C7
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:4
                                                                                                                              Start time:12:30:13
                                                                                                                              Start date:24/04/2024
                                                                                                                              Path:C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\PC Cleaner\PCCleaner" /START
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:10'560'360 bytes
                                                                                                                              MD5 hash:F5AEC68E32818A9A647615FDA4414B65
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Reputation:low
                                                                                                                              Has exited:false

                                                                                                                              Target ID:7
                                                                                                                              Start time:12:30:25
                                                                                                                              Start date:24/04/2024
                                                                                                                              Path:C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:5'092'712 bytes
                                                                                                                              MD5 hash:FFCD8953CCB602777CE77EF08F6368C7
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:Borland Delphi
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1.8%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:7.4%
                                                                                                                                Total number of Nodes:1025
                                                                                                                                Total number of Limit Nodes:69
std::locale::_Locimp::_Locimp_ctor 64008->64004 64011 6c08b2ad 64009->64011 64012 6c08b2c7 64011->64012 64015 6c00e850 Concurrency::cancel_current_task 64011->64015 64018 6c094066 64011->64018 64026 6c09f778 EnterCriticalSection LeaveCriticalSection moneypunct 64011->64026 64012->64008 64014 6c08b2d3 64014->64014 64015->64014 64025 6c08ca1a RaiseException 64015->64025 64017 6c00e86c 64024 6c0a4b48 std::_Locinfo::_W_Getdays 64018->64024 64019 6c0a4b86 64020 6c0901e9 std::_Stofx_v2 14 API calls 64019->64020 64022 6c0a4b84 64020->64022 64021 6c0a4b71 RtlAllocateHeap 64021->64022 64021->64024 64022->64011 64023 6c09f778 moneypunct EnterCriticalSection LeaveCriticalSection 64023->64024 64024->64019 64024->64021 64024->64023 64025->64017 64026->64011 64029 6c074036 64028->64029 64030 6c074008 GetCurrentThreadId 64028->64030 64033 6c07409a 64029->64033 64034 6c07403a GetCurrentThreadId 64029->64034 64031 6c074013 GetCurrentThreadId 64030->64031 64032 6c07402e 64030->64032 64031->64032 64038 6c08b7ea _Getvals 5 API calls 64032->64038 64035 6c074133 GetCurrentThreadId 64033->64035 64037 6c0740ba 64033->64037 64042 6c074045 64034->64042 64035->64042 64036 6c07416a GetCurrentThreadId 64036->64032 64046 6c073f0e GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 64037->64046 64040 6c074182 64038->64040 64040->63957 64042->64032 64042->64036 64043 6c0740ea GetCurrentThreadId 64043->64042 64044 6c0740c5 __Xtime_diff_to_millis2 64043->64044 64044->64032 64044->64042 64044->64043 64047 6c073f0e GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 64044->64047 64046->64044 64047->64044 64048->63961 64049 6c03e790 64050 6c03e7bb 64049->64050 64051 6c03e9c8 64049->64051 64050->64051 64053 6c03e7d5 getpeername 64050->64053 64052 6c08b7ea _Getvals 5 API calls 64051->64052 64054 6c03eaa6 64052->64054 64055 6c03e841 __fread_nolock 64053->64055 64056 6c03e7fe WSAGetLastError 64053->64056 64059 6c03e85a getsockname 
64055->64059 64099 6c02a370 41 API calls 3 library calls 64056->64099 64058 6c03e819 64100 6c03cf00 64 API calls 2 library calls 64058->64100 64061 6c03e872 WSAGetLastError 64059->64061 64062 6c03e8b5 64059->64062 64101 6c02a370 41 API calls 3 library calls 64061->64101 64063 6c03da40 39 API calls 64062->64063 64066 6c03e8d4 64063->64066 64064 6c03e826 64067 6c08b7ea _Getvals 5 API calls 64064->64067 64069 6c03e925 64066->64069 64070 6c03e8db 64066->64070 64071 6c03e83a 64067->64071 64068 6c03e88d 64102 6c03cf00 64 API calls 2 library calls 64068->64102 64073 6c03da40 39 API calls 64069->64073 64103 6c0901e9 14 API calls __dosmaperr 64070->64103 64077 6c03e977 64073->64077 64075 6c03e89a 64076 6c08b7ea _Getvals 5 API calls 64075->64076 64079 6c03e8ae 64076->64079 64077->64051 64080 6c03e97e 64077->64080 64078 6c03e8e0 64104 6c0901e9 14 API calls __dosmaperr 64078->64104 64107 6c0901e9 14 API calls __dosmaperr 64080->64107 64083 6c03e8e7 64105 6c02a370 41 API calls 3 library calls 64083->64105 64084 6c03e983 64108 6c0901e9 14 API calls __dosmaperr 64084->64108 64087 6c03e8fc 64106 6c03cf00 64 API calls 2 library calls 64087->64106 64088 6c03e98a 64109 6c02a370 41 API calls 3 library calls 64088->64109 64091 6c03e90a 64093 6c08b7ea _Getvals 5 API calls 64091->64093 64092 6c03e99f 64110 6c03cf00 64 API calls 2 library calls 64092->64110 64095 6c03e91e 64093->64095 64096 6c03e9ad 64097 6c08b7ea _Getvals 5 API calls 64096->64097 64098 6c03e9c1 64097->64098 64099->64058 64100->64064 64101->64068 64102->64075 64103->64078 64104->64083 64105->64087 64106->64091 64107->64084 64108->64088 64109->64092 64110->64096 64111 6c0330b0 64112 6c0330f1 64111->64112 64113 6c0330dd 64111->64113 64114 6c044760 2 API calls 64112->64114 64155 6c044fa0 64113->64155 64115 6c033131 64114->64115 64122 6c0336a0 64115->64122 64118 6c03314e 64119 6c033155 64118->64119 64162 6c03cf00 64 API calls 2 library calls 64118->64162 64121 6c033171 64124 6c0336af __fread_nolock 64122->64124 64126 6c03375d 
64124->64126 64127 6c033738 InitializeCriticalSectionEx 64124->64127 64133 6c0337ad __fread_nolock 64124->64133 64125 6c0337d0 64125->64118 64129 6c033770 DeleteCriticalSection 64126->64129 64131 6c03377f 64126->64131 64163 6c04ada0 socket 64127->64163 64129->64131 64130 6c033752 64130->64126 64134 6c0337fe 64130->64134 64132 6c0337a6 closesocket 64131->64132 64131->64133 64132->64133 64187 6c0901e9 14 API calls __dosmaperr 64133->64187 64153 6c033846 64134->64153 64184 6c04f430 64134->64184 64136 6c033856 EnterCriticalSection LeaveCriticalSection 64137 6c033880 64136->64137 64138 6c033894 64136->64138 64189 6c04f460 CloseHandle 64137->64189 64140 6c0338a2 64138->64140 64141 6c033899 64138->64141 64139 6c0338d4 64192 6c0901e9 14 API calls __dosmaperr 64139->64192 64191 6c033560 DeleteCriticalSection closesocket __fread_nolock 64140->64191 64190 6c04f470 WaitForSingleObjectEx CloseHandle 64141->64190 64143 6c03388c 64143->64118 64145 6c033887 64150 6c0338ab 64145->64150 64154 6c0338cd closesocket 64150->64154 64151 6c0338fc 64151->64118 64152 6c03389f 64152->64140 64153->64136 64153->64139 64154->64139 64156 6c044fb4 socket 64155->64156 64157 6c044fa8 64155->64157 64158 6c044fc5 64156->64158 64159 6c044fc8 64156->64159 64157->64112 64158->64112 64343 6c03dad0 closesocket 64159->64343 64161 6c044fd0 64161->64112 64162->64121 64164 6c04af86 64163->64164 64165 6c04adde htonl setsockopt 64163->64165 64166 6c08b7ea _Getvals 5 API calls 64164->64166 64167 6c04af74 closesocket closesocket closesocket 64165->64167 64168 6c04ae32 bind 64165->64168 64169 6c04af97 64166->64169 64167->64164 64168->64167 64170 6c04ae49 getsockname 64168->64170 64169->64130 64170->64167 64171 6c04ae63 listen 64170->64171 64171->64167 64172 6c04ae75 socket 64171->64172 64172->64167 64173 6c04ae88 connect 64172->64173 64173->64167 64174 6c04ae9f accept 64173->64174 64174->64167 64175 6c04aeb6 64174->64175 64176 6c040040 37 API calls 64175->64176 64177 6c04aec8 send 64176->64177 64177->64167 64179 
6c04aef3 recv 64177->64179 64179->64167 64180 6c04af09 64179->64180 64180->64167 64181 6c04af59 closesocket 64180->64181 64182 6c08b7ea _Getvals 5 API calls 64181->64182 64183 6c04af70 64182->64183 64183->64130 64193 6c09c1ed 64184->64193 64186 6c033830 64186->64143 64188 6c0901e9 14 API calls __dosmaperr 64186->64188 64187->64125 64188->64153 64189->64145 64190->64152 64191->64150 64192->64151 64194 6c09c1fa 64193->64194 64195 6c09c20e 64193->64195 64215 6c0901e9 14 API calls __dosmaperr 64194->64215 64206 6c09c19d 64195->64206 64199 6c09c1ff ___std_exception_copy 64199->64186 64200 6c09c223 CreateThread 64201 6c09c24e 64200->64201 64202 6c09c242 GetLastError 64200->64202 64241 6c09c091 64200->64241 64217 6c09c10f 64201->64217 64216 6c0901b3 14 API calls 3 library calls 64202->64216 64225 6c0a370e 64206->64225 64210 6c09c1bb 64211 6c09c1df 64210->64211 64212 6c09c1c2 GetModuleHandleExW 64210->64212 64213 6c09c10f 16 API calls 64211->64213 64212->64211 64214 6c09c1e7 64213->64214 64214->64200 64214->64201 64215->64199 64216->64201 64218 6c09c11b 64217->64218 64224 6c09c13f 64217->64224 64219 6c09c12a 64218->64219 64220 6c09c121 CloseHandle 64218->64220 64221 6c09c139 64219->64221 64222 6c09c130 FreeLibrary 64219->64222 64220->64219 64223 6c0a376b _free 14 API calls 64221->64223 64222->64221 64223->64224 64224->64186 64230 6c0a371b std::_Locinfo::_W_Getdays 64225->64230 64226 6c0a375b 64239 6c0901e9 14 API calls __dosmaperr 64226->64239 64227 6c0a3746 RtlAllocateHeap 64229 6c09c1ae 64227->64229 64227->64230 64232 6c0a376b 64229->64232 64230->64226 64230->64227 64238 6c09f778 EnterCriticalSection LeaveCriticalSection moneypunct 64230->64238 64233 6c0a3776 RtlFreeHeap 64232->64233 64237 6c0a379f _free 64232->64237 64234 6c0a378b 64233->64234 64233->64237 64240 6c0901e9 14 API calls __dosmaperr 64234->64240 64236 6c0a3791 GetLastError 64236->64237 64237->64210 64238->64230 64239->64229 64240->64236 64242 6c09c09d CallCatchBlock 64241->64242 64243 6c09c0b1 64242->64243 
64244 6c09c0a4 GetLastError ExitThread 64242->64244 64255 6c0a34bc GetLastError 64243->64255 64249 6c09c0cd 64287 6c09c270 64249->64287 64256 6c0a34d9 64255->64256 64257 6c0a34d3 64255->64257 64280 6c0a34df SetLastError 64256->64280 64292 6c0a3cd2 64256->64292 64291 6c0a3c93 6 API calls std::_Lockit::_Lockit 64257->64291 64261 6c0a370e __dosmaperr 14 API calls 64262 6c0a3507 64261->64262 64264 6c0a350f 64262->64264 64265 6c0a3526 64262->64265 64268 6c0a3cd2 __dosmaperr 6 API calls 64264->64268 64270 6c0a3cd2 __dosmaperr 6 API calls 64265->64270 64266 6c09c0b6 64282 6c0a8d39 64266->64282 64267 6c0a3573 64298 6c094071 34 API calls std::locale::_Setgloballocale 64267->64298 64271 6c0a351d 64268->64271 64273 6c0a3532 64270->64273 64276 6c0a376b _free 14 API calls 64271->64276 64272 6c0a3578 64274 6c0a3536 64273->64274 64275 6c0a3547 64273->64275 64277 6c0a3cd2 __dosmaperr 6 API calls 64274->64277 64297 6c0a32be 14 API calls __dosmaperr 64275->64297 64276->64280 64277->64271 64279 6c0a3552 64281 6c0a376b _free 14 API calls 64279->64281 64280->64266 64280->64267 64281->64280 64283 6c0a8d4b GetPEB 64282->64283 64284 6c09c0c1 64282->64284 64283->64284 64285 6c0a8d5e 64283->64285 64284->64249 64290 6c0a3fba 5 API calls std::_Lockit::_Lockit 64284->64290 64307 6c0a3b05 5 API calls std::_Lockit::_Lockit 64285->64307 64308 6c09c146 64287->64308 64289 6c09c27d 64290->64249 64291->64256 64299 6c0a3a42 64292->64299 64295 6c0a3d0c TlsSetValue 64296 6c0a34f7 64296->64261 64296->64280 64297->64279 64298->64272 64300 6c0a3a70 64299->64300 64304 6c0a3a6c 64299->64304 64300->64304 64306 6c0a397b LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 64300->64306 64302 6c0a3a84 64303 6c0a3a8a GetProcAddress 64302->64303 64302->64304 64303->64304 64305 6c0a3a9a std::_Lockit::_Lockit 64303->64305 64304->64295 64304->64296 64305->64304 64306->64302 64307->64284 64317 6c0a3613 GetLastError 64308->64317 64310 6c09c193 ExitThread 64311 6c09c16a 64314 6c09c176 CloseHandle 64311->64314 64315 
6c09c17d 64311->64315 64312 6c09c151 64312->64310 64312->64311 64340 6c0a3ff7 5 API calls std::_Lockit::_Lockit 64312->64340 64314->64315 64315->64310 64316 6c09c189 FreeLibraryAndExitThread 64315->64316 64316->64310 64318 6c0a362a 64317->64318 64321 6c0a3630 64317->64321 64341 6c0a3c93 6 API calls std::_Lockit::_Lockit 64318->64341 64320 6c0a3cd2 __dosmaperr 6 API calls 64322 6c0a364e 64320->64322 64321->64320 64337 6c0a3636 SetLastError 64321->64337 64323 6c0a370e __dosmaperr 12 API calls 64322->64323 64322->64337 64325 6c0a365e 64323->64325 64326 6c0a367d 64325->64326 64327 6c0a3666 64325->64327 64329 6c0a3cd2 __dosmaperr 6 API calls 64326->64329 64328 6c0a3cd2 __dosmaperr 6 API calls 64327->64328 64330 6c0a3674 64328->64330 64331 6c0a3689 64329->64331 64334 6c0a376b _free 12 API calls 64330->64334 64332 6c0a369e 64331->64332 64333 6c0a368d 64331->64333 64342 6c0a32be 14 API calls __dosmaperr 64332->64342 64335 6c0a3cd2 __dosmaperr 6 API calls 64333->64335 64334->64337 64335->64330 64337->64312 64338 6c0a36a9 64339 6c0a376b _free 12 API calls 64338->64339 64339->64337 64340->64311 64341->64321 64342->64338 64343->64161 64344 6c02fdb4 64364 6c03de40 64344->64364 64346 6c02fdc3 64361 6c02f8a1 64346->64361 64403 6c02f340 90 API calls _Getvals 64346->64403 64349 6c030b77 64350 6c08b7ea _Getvals 5 API calls 64349->64350 64352 6c030b8b 64350->64352 64351 6c030b8f 64412 6c03cf00 64 API calls 2 library calls 64351->64412 64354 6c030b9b 64356 6c08b7ea _Getvals 5 API calls 64354->64356 64358 6c030bb2 64356->64358 64360 6c02dfc0 65 API calls 64360->64361 64361->64349 64361->64351 64361->64354 64361->64360 64362 6c03cf00 64 API calls 64361->64362 64401 6c03e670 7 API calls _Getvals 64361->64401 64402 6c02f340 90 API calls _Getvals 64361->64402 64404 6c038d80 73 API calls 64361->64404 64405 6c02e1d0 64361->64405 64411 6c04b680 68 API calls 64361->64411 64362->64361 64365 6c03de98 64364->64365 64381 6c03de8e 64364->64381 64366 6c044760 2 API calls 64365->64366 64369 6c03dea2 
64366->64369 64367 6c08b7ea _Getvals 5 API calls 64368 6c03e3ae 64367->64368 64368->64346 64370 6c03e389 64369->64370 64372 6c03df48 64369->64372 64423 6c03cf00 64 API calls 2 library calls 64370->64423 64373 6c03df51 64372->64373 64399 6c03df81 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64372->64399 64413 6c03eff0 128 API calls 64373->64413 64375 6c03df61 64375->64381 64414 6c03f0f0 76 API calls 64375->64414 64376 6c04c890 16 API calls 64376->64399 64377 6c03e250 64377->64381 64417 6c03f670 142 API calls 64377->64417 64380 6c03e15d SleepEx getsockopt 64382 6c03e19d WSAGetLastError 64380->64382 64380->64399 64381->64367 64382->64399 64383 6c03e107 SleepEx getsockopt 64384 6c03e147 WSAGetLastError 64383->64384 64383->64399 64384->64399 64385 6c03e07d WSASetLastError 64385->64399 64386 6c03e28d 64388 6c03e2e1 64386->64388 64418 6c03dad0 closesocket 64386->64418 64387 6c03e264 64387->64381 64421 6c02a370 41 API calls 3 library calls 64387->64421 64419 6c03eff0 128 API calls 64388->64419 64393 6c03cfe0 63 API calls 64393->64399 64394 6c03e35b 64422 6c03cf00 64 API calls 2 library calls 64394->64422 64395 6c03e2fb 64395->64381 64420 6c03f0f0 76 API calls 64395->64420 64399->64376 64399->64377 64399->64380 64399->64383 64399->64385 64399->64386 64399->64393 64400 6c03f670 142 API calls 64399->64400 64415 6c045890 37 API calls 64399->64415 64416 6c02a370 41 API calls 3 library calls 64399->64416 64400->64399 64401->64361 64402->64361 64403->64361 64404->64361 64406 6c02e1dc 64405->64406 64409 6c02e21e 64405->64409 64406->64409 64424 6c046160 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 64406->64424 64408 6c02e20b 64408->64409 64410 6c03cfe0 63 API calls 64408->64410 64409->64361 64410->64409 64411->64361 64412->64354 64413->64375 64414->64381 64415->64399 64416->64399 64417->64387 64418->64388 64419->64395 64420->64381 64421->64394 64422->64381 64423->64381 64424->64408 64425 6c01ebd6 64426 6c01ec05 
64425->64426 64427 6c01ebfb 64425->64427 64451 6c007772 64426->64451 64474 6c01e609 27 API calls 4 library calls 64427->64474 64432 6c08b7ea _Getvals 5 API calls 64434 6c01ed09 64432->64434 64433 6c01ec42 64435 6c007772 moneypunct 27 API calls 64433->64435 64436 6c01ec58 64435->64436 64458 6c00cae0 64436->64458 64438 6c01ec70 64439 6c007772 moneypunct 27 API calls 64438->64439 64440 6c01ec7d 64439->64440 64462 6c029405 64440->64462 64441 6c01ec85 64475 6c010192 27 API calls 64441->64475 64443 6c01ec94 64476 6c00ea1b 64443->64476 64445 6c01ec9c 64480 6c00ea41 11 API calls collate 64445->64480 64447 6c01ecf2 64448 6c00ea1b collate 11 API calls 64447->64448 64449 6c01ec00 64448->64449 64449->64432 64481 6c00eef8 64451->64481 64454 6c01e4c5 64455 6c01e4d1 std::locale::_Locimp::_Locimp_ctor collate 64454->64455 64456 6c00ea1b collate 11 API calls 64455->64456 64457 6c01e524 std::locale::_Locimp::_Locimp_ctor 64456->64457 64457->64433 64459 6c00caf7 64458->64459 64460 6c00cafe _LStrxfrm 64459->64460 64490 6c00253f 27 API calls 2 library calls 64459->64490 64460->64438 64463 6c029411 std::locale::_Locimp::_Locimp_ctor 64462->64463 64491 6c01c158 64463->64491 64466 6c029471 64467 6c00ea1b collate 11 API calls 64466->64467 64468 6c029479 64467->64468 64469 6c00ea1b collate 11 API calls 64468->64469 64470 6c029481 64469->64470 64471 6c00ea1b collate 11 API calls 64470->64471 64472 6c029489 std::locale::_Locimp::_Locimp_ctor 64471->64472 64472->64441 64474->64449 64475->64443 64477 6c00ea2f 64476->64477 64478 6c00ea26 64476->64478 64477->64445 64655 6c002a34 11 API calls 3 library calls 64478->64655 64480->64447 64482 6c00ef02 64481->64482 64482->64482 64485 6c00ef19 64482->64485 64484 6c00778e 64484->64454 64486 6c00ef4c 64485->64486 64488 6c00ef28 _LStrxfrm 64485->64488 64489 6c0038ef 27 API calls 3 library calls 64486->64489 64488->64484 64489->64488 64490->64460 64492 6c01c167 __EH_prolog3_GS 64491->64492 64551 6c01b7a9 64492->64551 64494 6c01c1a0 64495 6c01b7a9 27 API 
calls 64494->64495 64496 6c01c1b9 64495->64496 64557 6c007c91 64496->64557 64498 6c01c1d6 64563 6c01c09c 64498->64563 64500 6c01c228 64547 6c04ada0 52 API calls 64500->64547 64548 6c044fa0 2 API calls 64500->64548 64583 6c0388e0 64500->64583 64599 6c04afa0 ioctlsocket 64500->64599 64501 6c01c240 64502 6c00ea1b collate 11 API calls 64501->64502 64503 6c01c24c 64502->64503 64504 6c01c348 __fread_nolock 64503->64504 64505 6c01c25d 64503->64505 64610 6c01c456 85 API calls 2 library calls 64504->64610 64600 6c00375d 27 API calls _Getvals 64505->64600 64508 6c01c27d 64601 6c002429 71 API calls collate 64508->64601 64509 6c01c414 64618 6c01bc0c 27 API calls collate 64509->64618 64511 6c01c299 64602 6c00edbf 64511->64602 64514 6c01c343 64515 6c00ea1b collate 11 API calls 64514->64515 64518 6c01c43b 64515->64518 64517 6c01c2ae collate 64606 6c00ed27 64517->64606 64519 6c00ea1b collate 11 API calls 64518->64519 64521 6c01c443 64519->64521 64619 6c0032c3 11 API calls collate 64521->64619 64524 6c01c2ca collate 64529 6c00ea1b collate 11 API calls 64524->64529 64525 6c01c44e 64620 6c08b7f8 5 API calls _Getvals 64525->64620 64531 6c01c2de 64529->64531 64530 6c01c453 64550 6c0199db 71 API calls 2 library calls 64530->64550 64533 6c00ea1b collate 11 API calls 64531->64533 64534 6c01c2e9 64533->64534 64536 6c00ea1b collate 11 API calls 64534->64536 64537 6c01c2f8 64536->64537 64540 6c00cae0 std::ios_base::failure::failure 27 API calls 64537->64540 64538 6c01c372 64538->64509 64539 6c01c416 64538->64539 64611 6c01be71 27 API calls 64538->64611 64612 6c01c4da 33 API calls 4 library calls 64538->64612 64613 6c019d5b 27 API calls 4 library calls 64538->64613 64614 6c0168d2 27 API calls std::locale::_Locimp::_Locimp_ctor 64538->64614 64615 6c01bce7 27 API calls 64538->64615 64616 6c01bb2c 27 API calls collate 64538->64616 64617 6c01be71 27 API calls 64539->64617 64541 6c01c320 64540->64541 64543 6c007772 moneypunct 27 API calls 64541->64543 64544 6c01c333 64543->64544 64545 6c00ea1b 
collate 11 API calls 64544->64545 64545->64514 64547->64501 64548->64501 64550->64466 64552 6c01b7b5 std::locale::_Locimp::_Locimp_ctor 64551->64552 64553 6c00cae0 std::ios_base::failure::failure 27 API calls 64552->64553 64554 6c01b7cc 64553->64554 64555 6c00cae0 std::ios_base::failure::failure 27 API calls 64554->64555 64556 6c01b7e2 std::locale::_Locimp::_Locimp_ctor 64555->64556 64556->64494 64558 6c007c9d std::locale::_Locimp::_Locimp_ctor 64557->64558 64621 6c0025de 64558->64621 64562 6c007cc6 std::locale::_Locimp::_Locimp_ctor 64562->64498 64564 6c01c0a8 std::locale::_Locimp::_Locimp_ctor 64563->64564 64629 6c0023dd 64564->64629 64568 6c01c0d5 64569 6c00ea1b collate 11 API calls 64568->64569 64570 6c01c0e6 64569->64570 64571 6c01c11b 64570->64571 64640 6c002457 27 API calls std::ios_base::failure::failure 64570->64640 64572 6c01c14d std::locale::_Locimp::_Locimp_ctor 64571->64572 64641 6c002457 27 API calls std::ios_base::failure::failure 64571->64641 64572->64500 64575 6c01c0fd 64577 6c00ed27 21 API calls 64575->64577 64576 6c01c132 64578 6c00ed27 21 API calls 64576->64578 64579 6c01c110 64577->64579 64580 6c01c145 64578->64580 64581 6c00ea1b collate 11 API calls 64579->64581 64582 6c00ea1b collate 11 API calls 64580->64582 64581->64571 64582->64572 64584 6c038ade 64583->64584 64585 6c0388ed 64583->64585 64584->64501 64585->64584 64586 6c02e1d0 63 API calls 64585->64586 64587 6c038903 64586->64587 64588 6c038914 64587->64588 64652 6c02efc0 90 API calls 64587->64652 64591 6c038924 64588->64591 64653 6c02ed10 90 API calls 64588->64653 64648 6c038ed0 64591->64648 64593 6c038967 64597 6c09404b 14 API calls 64593->64597 64594 6c0389f3 64595 6c032870 74 API calls 64594->64595 64596 6c038a31 64595->64596 64598 6c09404b 14 API calls 64596->64598 64597->64594 64598->64584 64599->64501 64600->64508 64601->64511 64603 6c00edff 64602->64603 64605 6c00edd5 _LStrxfrm 64602->64605 64654 6c003cc3 21 API calls std::ios_base::failure::failure 64603->64654 64605->64517 64607 
6c00ed36 64606->64607 64608 6c00edbf moneypunct 21 API calls 64607->64608 64609 6c00ed3f 64608->64609 64609->64524 64610->64538 64611->64538 64612->64538 64613->64538 64614->64538 64615->64538 64617->64509 64618->64514 64619->64525 64620->64530 64622 6c08b2a8 moneypunct 16 API calls 64621->64622 64623 6c0025e5 64622->64623 64624 6c005de7 64623->64624 64625 6c005df6 64624->64625 64626 6c005e07 64625->64626 64628 6c002b59 27 API calls 64625->64628 64626->64562 64628->64625 64630 6c0023ea 64629->64630 64631 6c002400 64630->64631 64632 6c002423 64630->64632 64642 6c007911 64631->64642 64646 6c00ec6d 21 API calls std::ios_base::failure::failure 64632->64646 64636 6c00241e 64637 6c018af2 64636->64637 64638 6c00ed27 21 API calls 64637->64638 64639 6c018b00 collate 64638->64639 64639->64568 64640->64575 64641->64576 64643 6c007946 std::ios_base::failure::failure 64642->64643 64645 6c007967 _LStrxfrm 64642->64645 64647 6c00253f 27 API calls 2 library calls 64643->64647 64645->64636 64647->64645 64649 6c038ee1 64648->64649 64650 6c0388e0 90 API calls 64649->64650 64651 6c038f0d 64650->64651 64652->64588 64653->64591 64655->64477 64656 6c00cff7 64659 6c005e0e 64656->64659 64658 6c00d000 64660 6c005e24 Concurrency::details::_ContextCallback::_CallInContext 64659->64660 64661 6c005e1f 64659->64661 64660->64658 64668 6c08ca1a RaiseException 64660->64668 64665 6c0287a1 64661->64665 64663 6c073ca1 64669 6c025210 64665->64669 64668->64663 64672 6c025227 64669->64672 64675 6c0256c6 64672->64675 64676 6c0256e2 collate 64675->64676 64679 6c027f82 64676->64679 64677 6c025223 64677->64660 64680 6c027f8e std::locale::_Locimp::_Locimp_ctor 64679->64680 64688 6c04ada0 52 API calls 64680->64688 64689 6c044fa0 2 API calls 64680->64689 64691 6c04afa0 ioctlsocket 64680->64691 64681 6c027fb6 64682 6c00ea1b collate 11 API calls 64681->64682 64683 6c027fbe 64682->64683 64684 6c00ea1b collate 11 API calls 64683->64684 64685 6c027fc6 64684->64685 64686 6c00ea1b collate 11 API calls 64685->64686 
64687 6c027fce std::locale::_Locimp::_Locimp_ctor 64686->64687 64687->64677 64688->64681 64689->64681 64691->64681 64692 6c0a41b3 GetStartupInfoW 64693 6c0a4264 64692->64693 64694 6c0a41d0 64692->64694 64694->64693 64698 6c0a8798 64694->64698 64696 6c0a41f8 64696->64693 64697 6c0a4228 GetFileType 64696->64697 64697->64696 64699 6c0a87a4 CallCatchBlock 64698->64699 64700 6c0a87ce 64699->64700 64701 6c0a87ad 64699->64701 64709 6c09c8ee EnterCriticalSection 64700->64709 64717 6c0901e9 14 API calls __dosmaperr 64701->64717 64704 6c0a8806 64718 6c0a882d LeaveCriticalSection std::_Lockit::~_Lockit 64704->64718 64705 6c0a87da 64705->64704 64710 6c0a86e8 64705->64710 64708 6c0a87b2 ___std_exception_copy 64708->64696 64709->64705 64711 6c0a370e __dosmaperr 14 API calls 64710->64711 64713 6c0a86fa 64711->64713 64712 6c0a8707 64714 6c0a376b _free 14 API calls 64712->64714 64713->64712 64719 6c0a3e6a 6 API calls std::_Lockit::_Lockit 64713->64719 64716 6c0a875c 64714->64716 64716->64705 64717->64708 64718->64708 64719->64713 64720 6c013f9a 64721 6c013fa6 __EH_prolog3_GS 64720->64721 64809 6c029920 37 API calls 64721->64809 64723 6c013fc0 64724 6c014193 64723->64724 64744 6c013fca _Find_unchecked collate 64723->64744 64842 6c08ca1a RaiseException 64724->64842 64726 6c0141a8 __EH_prolog3_GS 64843 6c029920 37 API calls 64726->64843 64728 6c0141d2 64729 6c01449b 64728->64729 64774 6c0141dc _Find_unchecked collate 64728->64774 64851 6c08ca1a RaiseException 64729->64851 64731 6c0144b6 __EH_prolog3_GS 64852 6c029920 37 API calls 64731->64852 64733 6c0140a8 64811 6c0983ec 17 API calls 64733->64811 64734 6c0023dd 27 API calls 64734->64744 64736 6c0144e3 64740 6c0146e0 64736->64740 64750 6c0144ed _Find_unchecked collate 64736->64750 64739 6c00ed27 21 API calls 64739->64744 64860 6c08ca1a RaiseException 64740->64860 64742 6c0023dd 27 API calls 64742->64774 64743 6c0146f5 64746 6c00edbf moneypunct 21 API calls 64743->64746 64744->64733 64744->64734 64744->64739 64767 6c00ea1b 11 API calls 
collate 64744->64767 64810 6c007cd0 27 API calls 2 library calls 64744->64810 64745 6c00ed27 21 API calls 64745->64774 64749 6c014717 64746->64749 64747 6c0140ed 64812 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64747->64812 64748 6c0145ac 64854 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64748->64854 64750->64748 64758 6c0023dd 27 API calls 64750->64758 64764 6c00ed27 21 API calls 64750->64764 64783 6c00ea1b 11 API calls collate 64750->64783 64853 6c007cd0 27 API calls 2 library calls 64750->64853 64752 6c0142d0 64845 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64752->64845 64754 6c014111 64813 6c029960 64754->64813 64757 6c014374 64760 6c029960 152 API calls 64757->64760 64758->64750 64759 6c014117 64837 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64759->64837 64763 6c01437a 64760->64763 64762 6c014122 64838 6c029900 90 API calls 64762->64838 64846 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64763->64846 64764->64750 64765 6c00ea1b 11 API calls collate 64765->64774 64767->64744 64768 6c014388 64847 6c029900 90 API calls 64768->64847 64770 6c014130 64839 6c090405 64 API calls 4 library calls 64770->64839 64774->64742 64774->64745 64774->64752 64774->64765 64844 6c007cd0 27 API calls 2 library calls 64774->64844 64775 6c014136 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64779 6c00ef19 std::ios_base::failure::failure 27 API calls 64775->64779 64776 6c014630 64777 6c029960 152 API calls 64776->64777 64778 6c014636 64777->64778 64855 6c010b55 QueryPerformanceCounter QueryPerformanceFrequency __alldvrm std::_Stofx_v2 

Control-flow Graph
[Figure: control-flow graph, first block 6c04ada0-6c04add8; legend: Executed, Not Executed]
APIs
• socket.WS2_32 ref: 6C04ADD1
• htonl.WS2_32(7F000001), ref: 6C04ADF6
• setsockopt.WS2_32(00000000,0000FFFF,00000004,00000006,00000004), ref: 6C04AE23
• bind.WS2_32(00000000,00000001,00000010), ref: 6C04AE3A
• getsockname.WS2_32(00000000,00000001,00000006), ref: 6C04AE54
• listen.WS2_32(00000000,00000001), ref: 6C04AE66
• socket.WS2_32(00000002,00000001,00000000), ref: 6C04AE7B
• connect.WS2_32(00000000,00000001,00000010), ref: 6C04AE90
• accept.WS2_32(00000000,00000000,00000000), ref: 6C04AEA4
• send.WS2_32(?,?,?,00000000), ref: 6C04AEE5
• recv.WS2_32(FFFFFFFF,?,0000000C,00000000), ref: 6C04AEFF
• closesocket.WS2_32(00000000), ref: 6C04AF5A
• closesocket.WS2_32(00000000), ref: 6C04AF7B
• closesocket.WS2_32(?), ref: 6C04AF7F
• closesocket.WS2_32(FFFFFFFF), ref: 6C04AF84
Memory Dump Source
• Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
Similarity
• API ID: closesocket$socket$acceptbindconnectgetsocknamehtonllistenrecvsendsetsockopt
• String ID:
• API String ID: 1204719237-0
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
[Figure: control-flow graph, first block 6c04c550-6c04c572; legend: Executed, Not Executed]
APIs
• WSASetLastError.WS2_32(00002726,00000000), ref: 6C04C5A6
• WSASetLastError.WS2_32(00002726), ref: 6C04C727
• Sleep.KERNEL32(?), ref: 6C04C736
• __WSAFDIsSet.WS2_32(?,?), ref: 6C04C817
• __WSAFDIsSet.WS2_32(?,?), ref: 6C04C82E
• __WSAFDIsSet.WS2_32(?,?), ref: 6C04C846
• Sleep.KERNEL32(?,00000000), ref: 6C04C870
Similarity
• API ID: ErrorLastSleep
• String ID:
• API String ID: 1458359878-0
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
[Figure: control-flow graph, first block 6c03f140-6c03f1b1; legend: Executed, Not Executed]
APIs
• socket.WS2_32(?,?,?), ref: 6C03F227
• setsockopt.WS2_32(00000000,00000006,00000001,?,00000004), ref: 6C03F325
• WSAGetLastError.WS2_32(?,00000100), ref: 6C03F33C
• getsockopt.WS2_32(00000000,0000FFFF,00001001,00004020,00000004), ref: 6C03F3C3
• setsockopt.WS2_32(00000000,0000FFFF,00001001,00000004,00000004), ref: 6C03F3E9
• setsockopt.WS2_32(00000000,0000FFFF,00000008,00004020,00000004), ref: 6C03F41E
• WSAIoctl.WS2_32(00000000,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 6C03F490
• WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 6C03F49A
  • Part of subcall function 6C04AFA0: ioctlsocket.WS2_32(6C02E3F3,8004667E,000000DC), ref: 6C04AFBB
  • Part of subcall function 6C044760: QueryPerformanceCounter.KERNEL32(6C014636,6C014636,?,?,6C014636), ref: 6C044773
  • Part of subcall function 6C044760: __alldvrm.LIBCMT ref: 6C04478D
  • Part of subcall function 6C044760: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C0447B4
• connect.WS2_32(00000000,?,?), ref: 6C03F5B7
  • Part of subcall function 6C02DFC0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C02E001
• WSAGetLastError.WS2_32 ref: 6C03F5D0
Strings
• Could not set TCP_NODELAY: %s, xrefs: 6C03F349
• Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 6C03F4A2
• Immediate connect fail for %s: %s, xrefs: 6C03F609
• sa_addr inet_ntop() failed with errno %d: %s, xrefs: 6C03F2AE
• @, xrefs: 6C03F366
• Trying %s:%ld..., xrefs: 6C03F2D9
• Failed to set SO_KEEPALIVE on fd %d, xrefs: 6C03F429
Similarity
• API ID: ErrorLastsetsockopt$Unothrow_t@std@@@__ehfuncinfo$??2@$CounterIoctlPerformanceQuery__alldvrmconnectgetsockoptioctlsocketsocket
• String ID: Trying %s:%ld...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
• API String ID: 3224518804-3868455274
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Strings
                                                                                                                                • connect to %s port %ld failed: %s, xrefs: 6C03E0C5
                                                                                                                                • Failed to connect to %s port %ld: %s, xrefs: 6C03E363
                                                                                                                                • L', xrefs: 6C03E375
                                                                                                                                • Connection failed, xrefs: 6C03E1BF
                                                                                                                                • Connection time-out, xrefs: 6C03E389
                                                                                                                                • After %I64dms connect time, move on!, xrefs: 6C03DFF9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: After %I64dms connect time, move on!$Connection failed$Connection time-out$Failed to connect to %s port %ld: %s$L'$connect to %s port %ld failed: %s
                                                                                                                                • API String ID: 0-68081636
                                                                                                                                • Opcode ID: 8a360ce9a0c91308de2bf2aad0e874b2f469f3635e6a8e322116e7c353c75c01
                                                                                                                                • Instruction ID: 8a03e65bf6b9d85a3483693f52577fbefa624a1efe6df7ca8e7f0062fa277e49
                                                                                                                                • Opcode Fuzzy Hash: 8a360ce9a0c91308de2bf2aad0e874b2f469f3635e6a8e322116e7c353c75c01
                                                                                                                                • Instruction Fuzzy Hash: 0FE1F570609762AFE711DF288880BAAB7E4BF4970CF005718F96C97691D734B9948BD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                APIs
                                                                                                                                • WSASetLastError.WS2_32(00002726,?,00000000,?), ref: 6C04C909
                                                                                                                                • Sleep.KERNEL32(?,?,00000000,?), ref: 6C04C92A
                                                                                                                                • WSASetLastError.WS2_32(00002726,?,?,00000000,?), ref: 6C04CA88
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CB68
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CB7D
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CB97
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CBA9
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CBC3
                                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 6C04CBD5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Sleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1644506474-0
                                                                                                                                • Opcode ID: 15b452a6013f390af53686ad9ef715d946f47f332b65330ccc7a9847c064924b
                                                                                                                                • Instruction ID: 2708e8b3a2c97788da8e07e992bac863ad38542eb8531cfef2a97e9762987748
                                                                                                                                • Opcode Fuzzy Hash: 15b452a6013f390af53686ad9ef715d946f47f332b65330ccc7a9847c064924b
                                                                                                                                • Instruction Fuzzy Hash: D7A1CC71709341DBD724EF29888435FB6D9AFC8768F548B3DE4AAC3680E730D91C8686
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • getpeername.WS2_32(?,?,00000000), ref: 6C03E7F4
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C03E7FE
                                                                                                                                  • Part of subcall function 6C02A370: GetLastError.KERNEL32 ref: 6C02A373
                                                                                                                                • getsockname.WS2_32(?,?,?), ref: 6C03E868
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C03E872
                                                                                                                                Strings
                                                                                                                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 6C03E9A2
                                                                                                                                • getpeername() failed with errno %d: %s, xrefs: 6C03E81B
                                                                                                                                • getsockname() failed with errno %d: %s, xrefs: 6C03E88F
                                                                                                                                • ssrem inet_ntop() failed with errno %d: %s, xrefs: 6C03E8FF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$getpeernamegetsockname
                                                                                                                                • String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                                                                                                                • API String ID: 1444953621-670633250
                                                                                                                                • Opcode ID: 15bb3091023cebd2560abd8d50000b482fb5696c81e76f2e6e6e1e8d1f3aa066
                                                                                                                                • Instruction ID: 8eadf3620fdb7d7b0f53b3ca08af5a32738ddf2bfabf9f0cce6afc8e877ccfbe
                                                                                                                                • Opcode Fuzzy Hash: 15bb3091023cebd2560abd8d50000b482fb5696c81e76f2e6e6e1e8d1f3aa066
                                                                                                                                • Instruction Fuzzy Hash: 5081C271904B419BD721DF24C844BEBB3E8FF88308F145A2EE99D97202EB757585CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: ; Error string: $Code: $Content-Type$OFFER_API_FAILURE$x-api-key
                                                                                                                                • API String ID: 2427045233-3772275078
                                                                                                                                • Opcode ID: 7d491d337cd80bdd176a7e01797d9317092b8e1063c7ebb81c2333626356295f
                                                                                                                                • Instruction ID: ced18ed4f81912f4724669a890a257f827e4569b9f47dd7a115deadefeb4ec57
                                                                                                                                • Opcode Fuzzy Hash: 7d491d337cd80bdd176a7e01797d9317092b8e1063c7ebb81c2333626356295f
                                                                                                                                • Instruction Fuzzy Hash: C8915A71904258DBEB14DBA4CC90FEDBBF4AF19308F4441D9D509A7B91DB70AA88CFA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6C08C159
                                                                                                                                • ___scrt_uninitialize_crt.LIBCMT ref: 6C08C173
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2442719207-0
                                                                                                                                • Opcode ID: 7c3aaa039b3b286a8e88077b4ecb5a37e2adb09f1779eb8f489ad1f4572a4508
                                                                                                                                • Instruction ID: b693b19803ca5edde0563288fd6df9ebd8c0101379ce458ab8be3675fae3a115
                                                                                                                                • Opcode Fuzzy Hash: 7c3aaa039b3b286a8e88077b4ecb5a37e2adb09f1779eb8f489ad1f4572a4508
                                                                                                                                • Instruction Fuzzy Hash: 64419472E07615EADF11AFA9DC40BAE7BF5EB45B68F10C31AE91467B80C7305D058B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C04EE20: getaddrinfo.WS2_32(?,?,?,?), ref: 6C04EE41
                                                                                                                                  • Part of subcall function 6C04EE20: freeaddrinfo.WS2_32(?), ref: 6C04EF42
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C033611
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C033617
                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6C03362D
                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6C03363B
                                                                                                                                • send.WS2_32(?,?), ref: 6C03366A
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C033674
                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6C033682
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalErrorLastSection$Leave$Enterfreeaddrinfogetaddrinfosend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 891401596-0
                                                                                                                                • Opcode ID: a35f4fdd588d5c80747a08465ef9de434ac33ab5861458adb63b7e58f171e04e
                                                                                                                                • Instruction ID: fad948939b7bd3409ae6091dd1128bc364eb5d9c0bc4d337abacd473ff49fa5b
                                                                                                                                • Opcode Fuzzy Hash: a35f4fdd588d5c80747a08465ef9de434ac33ab5861458adb63b7e58f171e04e
                                                                                                                                • Instruction Fuzzy Hash: F0219F712043019FE710DF64C884B9BB7F8EF49718F504A2DE59AD3A40DB72E9498FA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 667 6c08c1c2-6c08c1d3 call 6c08c350 670 6c08c1e4-6c08c1eb 667->670 671 6c08c1d5-6c08c1db 667->671 673 6c08c1ed-6c08c1f0 670->673 674 6c08c1f7-6c08c20b dllmain_raw 670->674 671->670 672 6c08c1dd-6c08c1df 671->672 675 6c08c2bd-6c08c2cc 672->675 673->674 676 6c08c1f2-6c08c1f5 673->676 677 6c08c211-6c08c222 dllmain_crt_dispatch 674->677 678 6c08c2b4-6c08c2bb 674->678 679 6c08c228-6c08c23a call 6c013f26 676->679 677->678 677->679 678->675 682 6c08c23c-6c08c23e 679->682 683 6c08c263-6c08c265 679->683 682->683 686 6c08c240-6c08c25e call 6c013f26 call 6c08c112 dllmain_raw 682->686 684 6c08c26c-6c08c27d dllmain_crt_dispatch 683->684 685 6c08c267-6c08c26a 683->685 684->678 687 6c08c27f-6c08c2b1 dllmain_raw 684->687 685->678 685->684 686->683 687->678
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3136044242-0
                                                                                                                                • Opcode ID: fdfac095cc5afe6628ef2c0cee1a132b5d0850a56a90eaa923955ac4fd081f23
                                                                                                                                • Instruction ID: 518525535d17336dd54b18f45a6dd10c4b6604678d8489370d41358d365ea9b8
                                                                                                                                • Opcode Fuzzy Hash: fdfac095cc5afe6628ef2c0cee1a132b5d0850a56a90eaa923955ac4fd081f23
                                                                                                                                • Instruction Fuzzy Hash: 89213572D06615EADF116E95CC80B9F7AF5AB45AA8F118316FD1467A50C7309D018B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 693 6c03d600-6c03d672 694 6c03d678-6c03d68d 693->694 695 6c03d70e-6c03d72a send 693->695 694->695 698 6c03d68f-6c03d692 694->698 696 6c03d777 695->696 697 6c03d72c-6c03d73a WSAGetLastError 695->697 703 6c03d779 696->703 699 6c03d748-6c03d775 call 6c02a370 call 6c03cf00 697->699 700 6c03d73c-6c03d746 697->700 701 6c03d694-6c03d696 698->701 702 6c03d698-6c03d6af call 6c04c890 698->702 699->703 704 6c03d77c-6c03d794 call 6c08b7ea 700->704 701->695 701->702 702->695 711 6c03d6b1-6c03d6b3 702->711 703->704 711->695 714 6c03d6b5-6c03d6b9 711->714 715 6c03d6eb-6c03d700 recv 714->715 716 6c03d6bb-6c03d6e9 714->716 715->695 717 6c03d702-6c03d705 715->717 716->715 719 6c03d707 716->719 717->695 719->695
                                                                                                                                APIs
                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 6C03D6F8
                                                                                                                                • send.WS2_32(?,?,?,00000000), ref: 6C03D71F
                                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?), ref: 6C03D72C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastrecvsend
                                                                                                                                • String ID: Send failure: %s
                                                                                                                                • API String ID: 3418755260-857917747
                                                                                                                                • Opcode ID: 8e4c4fa5846e804a4b42cefb0d4254a7f15e640b9d6ecc76c84a08a6da53080d
                                                                                                                                • Instruction ID: 0fea0b2324296583f77d307dea083d6a517e7ebfb228740635a7e960c785f3ea
                                                                                                                                • Opcode Fuzzy Hash: 8e4c4fa5846e804a4b42cefb0d4254a7f15e640b9d6ecc76c84a08a6da53080d
                                                                                                                                • Instruction Fuzzy Hash: 734180B16143119FDB20CF28CC84B9AB7F5AF89718F144A2CE9ADC7690EB34E944CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 720 6c03d310-6c03d370 721 6c03d402-6c03d425 send 720->721 722 6c03d376-6c03d381 720->722 723 6c03d471 721->723 724 6c03d427-6c03d435 WSAGetLastError 721->724 722->721 725 6c03d383-6c03d386 722->725 730 6c03d473-6c03d48b call 6c08b7ea 723->730 726 6c03d442-6c03d46a call 6c02a370 call 6c03cf00 724->726 727 6c03d437-6c03d440 724->727 728 6c03d388-6c03d38a 725->728 729 6c03d38c-6c03d3a3 call 6c04c890 725->729 726->723 727->730 728->721 728->729 729->721 738 6c03d3a5-6c03d3a7 729->738 738->721 740 6c03d3a9-6c03d3ad 738->740 741 6c03d3df-6c03d3f4 recv 740->741 742 6c03d3af-6c03d3dd 740->742 741->721 743 6c03d3f6-6c03d3f9 741->743 742->741 745 6c03d3fb 742->745 743->721 745->721
                                                                                                                                APIs
                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 6C03D3EC
                                                                                                                                • send.WS2_32(?,?,?,00000000), ref: 6C03D413
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C03D427
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastrecvsend
                                                                                                                                • String ID: Send failure: %s
                                                                                                                                • API String ID: 3418755260-857917747
                                                                                                                                • Opcode ID: 15b16953516f2227028c377b7004c465c63c72eadceb9bac999f01bc6babe2da
                                                                                                                                • Instruction ID: b813d7fa759af33e0ba5028ee648c875f7a03d009da951505d871afc6be91636
                                                                                                                                • Opcode Fuzzy Hash: 15b16953516f2227028c377b7004c465c63c72eadceb9bac999f01bc6babe2da
                                                                                                                                • Instruction Fuzzy Hash: F7416E716083119FDB20CF18CC85BAAB7E4AF49718F14862CE9AD87690D774B945CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0785D5: GetModuleHandleExW.KERNEL32(00000002,00000000,6C00D89D,?,?,6C078627,00000000,?,6C078668,00000000,?,6C00E4DE,00000000,6C00D89D), ref: 6C0785E1
                                                                                                                                • __Mtx_unlock.LIBCPMT ref: 6C0786BA
                                                                                                                                • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,3448FEB8,?,?,?,6C0B3D7D,000000FF), ref: 6C0786E2
                                                                                                                                • __Mtx_unlock.LIBCPMT ref: 6C07871D
                                                                                                                                • __Cnd_broadcast.LIBCPMT ref: 6C07872E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 420990631-0
                                                                                                                                • Opcode ID: 01d9f7f6a68b7f009631a36464fa8001e70d6cb83cce2f13b8db9b074af49a5f
                                                                                                                                • Instruction ID: 349b9b5b994b20e6d5d74ceee43efb1f9977d5a44f62ff29a7666a27bb818067
                                                                                                                                • Opcode Fuzzy Hash: 01d9f7f6a68b7f009631a36464fa8001e70d6cb83cce2f13b8db9b074af49a5f
                                                                                                                                • Instruction Fuzzy Hash: 07110632A40504FBCA295BA09C00B5F77FCEB16A68B10461BE925E7F40CF39E804CA79
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,?,6C0900B6,00000000,?,6C09012E,00000000,00000000,00000000,00000000,00000000,?,?,6C002A61,?), ref: 6C0A3618
                                                                                                                                • _free.LIBCMT ref: 6C0A3675
                                                                                                                                • _free.LIBCMT ref: 6C0A36AB
                                                                                                                                • SetLastError.KERNEL32(00000000,00000008,000000FF,?,6C0900B6,00000000,?,6C09012E,00000000,00000000,00000000,00000000,00000000,?,?,6C002A61), ref: 6C0A36B6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2283115069-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • recv.WS2_32(?,?,?,00000000), ref: 6C03D295
                                                                                                                                • WSAGetLastError.WS2_32 ref: 6C03D2A8
                                                                                                                                  • Part of subcall function 6C02A370: GetLastError.KERNEL32 ref: 6C02A373
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$recv
                                                                                                                                • String ID: Recv failure: %s
                                                                                                                                • API String ID: 316788870-4276829032
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • getaddrinfo.WS2_32(?,?,?,?), ref: 6C04EE41
                                                                                                                                • freeaddrinfo.WS2_32(?), ref: 6C04EF42
                                                                                                                                • WSASetLastError.WS2_32(00002AF9), ref: 6C04EFC2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastfreeaddrinfogetaddrinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1817844550-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNEL32(?,?,Function_0009C091,00000000,?,?), ref: 6C09C236
                                                                                                                                • GetLastError.KERNEL32 ref: 6C09C242
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C09C249
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2744730728-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A3613: GetLastError.KERNEL32(00000000,00000000,?,6C0900B6,00000000,?,6C09012E,00000000,00000000,00000000,00000000,00000000,?,?,6C002A61,?), ref: 6C0A3618
                                                                                                                                  • Part of subcall function 6C0A3613: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6C0900B6,00000000,?,6C09012E,00000000,00000000,00000000,00000000,00000000,?,?,6C002A61), ref: 6C0A36B6
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,6C09C27D,?,?,6C09C0EF,00000000), ref: 6C09C177
                                                                                                                                • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,6C09C27D,?,?,6C09C0EF,00000000), ref: 6C09C18D
                                                                                                                                • ExitThread.KERNEL32 ref: 6C09C196
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1991824761-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __RTC_Initialize.LIBCMT ref: 6C08C058
                                                                                                                                  • Part of subcall function 6C08C732: InitializeSListHead.KERNEL32(6C0E7078,6C08C062,6C0E0AB8,00000010,6C08BFF3,?,?,?,6C08C21B,?,00000001,?,?,00000001,?,6C0E0B00), ref: 6C08C737
                                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6C08C0C2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3231365870-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(6C0E0E88,0000000C), ref: 6C09C0A4
                                                                                                                                • ExitThread.KERNEL32 ref: 6C09C0AB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorExitLastThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1611280651-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastrecv
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2514157807-0
                                                                                                                                • Opcode ID: d1a488a2cb0d895edcf5deb78a8701a3e3708b58cc2395085f5d0fde4a0978fb
                                                                                                                                • Instruction ID: 5d4e1e79b36f8a5e628632227d1781e670faf18cd8c397014aecad85ece6496d
                                                                                                                                • Opcode Fuzzy Hash: d1a488a2cb0d895edcf5deb78a8701a3e3708b58cc2395085f5d0fde4a0978fb
                                                                                                                                • Instruction Fuzzy Hash: D4E012702083429FDB0ACF20C85471E7AF2FF85315F640E6CF566862E0CB768808AB01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A370E: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C0A365E,00000001,00000364,00000008,000000FF,?,6C0900B6,00000000,?,6C09012E,00000000,00000000), ref: 6C0A374F
                                                                                                                                • _free.LIBCMT ref: 6C0A8757
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 614378929-0
                                                                                                                                • Opcode ID: 00bc535c99a395dac5bcfb1ba8a0f60824c72ee8212667124227db6c0cf11dc5
                                                                                                                                • Instruction ID: a8327c5d40538fde08ff44403bcde6b76fb740df431c52878e454a427442769f
                                                                                                                                • Opcode Fuzzy Hash: 00bc535c99a395dac5bcfb1ba8a0f60824c72ee8212667124227db6c0cf11dc5
                                                                                                                                • Instruction Fuzzy Hash: BB012B726047565BC3218FD9D881E8DFBD8EB05374F14071AE545B7AC0E370A91687A4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6C0A365E,00000001,00000364,00000008,000000FF,?,6C0900B6,00000000,?,6C09012E,00000000,00000000), ref: 6C0A374F
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: fea93fab77a1a0d9e3e24171e23e21f3535b66e6adedc673916bb8e752b3de43
                                                                                                                                • Instruction ID: d66d72ad1b2c51049ce393b6d7163494e4a94ed672e4a69ca38a4c927497e632
                                                                                                                                • Opcode Fuzzy Hash: fea93fab77a1a0d9e3e24171e23e21f3535b66e6adedc673916bb8e752b3de43
                                                                                                                                • Instruction Fuzzy Hash: EBF0E97164662467EB325AE69C41F9F37ECDF49B74F204111EC1497982CB20E70683E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,6C08C9C2,?,?,?,?,?,6C0083C9,?,?,?), ref: 6C0A4B7A
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: 0a4d3c14319ee309ebbbe2bc5fcf445e6de355428434b4e8b5196f82d2e421cd
                                                                                                                                • Instruction ID: 6ba901f2b0a322d924cd75581668067abd7aca97d77860ca4697db2e5e51c78e
                                                                                                                                • Opcode Fuzzy Hash: 0a4d3c14319ee309ebbbe2bc5fcf445e6de355428434b4e8b5196f82d2e421cd
                                                                                                                                • Instruction Fuzzy Hash: CBE0E53D2622117BEA201AEA8C00B8E76DC9B427B8F202220FC1493E92DF10D4028AE1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6C028C12
                                                                                                                                  • Part of subcall function 6C00EA6F: __Mtx_unlock.LIBCPMT ref: 6C00EA96
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_catchMtx_unlock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3963687015-0
                                                                                                                                • Opcode ID: dd31076afc1884f3002e2dd972ba305a6b555df83afd88eb031e094525c2b2fd
                                                                                                                                • Instruction ID: 4821215bac8c57150a20b61cd75b80d5f60edd76a61869691341b5295c4d2832
                                                                                                                                • Opcode Fuzzy Hash: dd31076afc1884f3002e2dd972ba305a6b555df83afd88eb031e094525c2b2fd
                                                                                                                                • Instruction Fuzzy Hash: 4AF0BE35A416048BEF14DB54C912BADB3E1AF41708F68874AD0566BBC0CB757E06CB95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • socket.WS2_32(00000017,00000002,00000000), ref: 6C044FBA
                                                                                                                                Similarity
                                                                                                                                • API ID: socket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 98920635-0
                                                                                                                                • Opcode ID: 12a2f5431c8ccbd43646961be88ecb4c4225202aac194f5416da659fc297586b
                                                                                                                                • Instruction ID: ba85da96bf8ce6d3ba04119b939e8410c07aae4884934c3a7b0e89c87947885f
                                                                                                                                • Opcode Fuzzy Hash: 12a2f5431c8ccbd43646961be88ecb4c4225202aac194f5416da659fc297586b
                                                                                                                                • Instruction Fuzzy Hash: 73E08C34308240AAED008A349942F9933E0AB02B26F9092A0F6299B6E1C3109800AA21
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00C7D1
                                                                                                                                  • Part of subcall function 6C009E7E: Concurrency::details::_Release_chore.LIBCPMT ref: 6C009EA8
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::details::_H_prolog3_Release_chore
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 297851584-0
                                                                                                                                • Opcode ID: 97c7cf850172601515477d04cbfbbc1ae39a546e1b5976676a8da5c7e428aeab
                                                                                                                                • Instruction ID: 45974e8842a6d909e040fcc691146edeeebb900fed4442a03232f1c60bbc711e
                                                                                                                                • Opcode Fuzzy Hash: 97c7cf850172601515477d04cbfbbc1ae39a546e1b5976676a8da5c7e428aeab
                                                                                                                                • Instruction Fuzzy Hash: F7D05E30A41700EBDF219FE084057DDBBB0AF00725F80804CE8952BA80CB717E08CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 6C09405E
                                                                                                                                  • Part of subcall function 6C0A376B: RtlFreeHeap.NTDLL(00000000,00000000,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?), ref: 6C0A3781
                                                                                                                                  • Part of subcall function 6C0A376B: GetLastError.KERNEL32(?,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?,?), ref: 6C0A3793
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFreeHeapLast_free
                                                                                                                                • String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ioctlsocket.WS2_32(6C02E3F3,8004667E,000000DC), ref: 6C04AFBB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Similarity
                                                                                                                                • API ID: ioctlsocket
                                                                                                                                • String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C046951
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C04695E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %s$%s $%s HTTP/%s%s%s%s%s%s%s%s%s%s%s%s%s$%s%s$%s%s=%s$%s: %s, %02d %s %4d %02d:%02d:%02d GMT$%s?%s$%x$/$0$1.0$1.1$100-continue$;type=$;type=%c$?%s$Accept$Accept-Encoding$Accept-Encoding: %s$Accept: */*$Chunky upload is not supported by HTTP 1.0$Content-Length$Content-Length: %I64d$Content-Length: 0$Content-Range$Content-Range: bytes %s%I64d/%I64d$Content-Range: bytes %s/%I64d$Content-Range: bytes 0-%I64d/%I64d$Content-Type$Content-Type: application/x-www-form-urlencoded$Cookie$Cookie: $Could not seek stream$Could only read %I64d bytes from the input$Expect$Expect:$Failed sending HTTP POST request$Failed sending HTTP request$Failed sending POST request$Failed sending PUT request$File already completely uploaded$GET$HEAD$Host$Host:$Host: %s%s%s$Host: %s%s%s:%d$Host:%s$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified$Proxy-Connection$Proxy-Connection: Keep-Alive$Range$Range: bytes=%s$Referer$Referer: %s$Transfer-Encoding$Transfer-Encoding:$User-Agent$chunked$ftp$ftp://%s:%s@%s$http$multipart/form-data$upload completely sent off: %I64d out of %I64d bytes
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WSAStartup.WS2_32(00000202,3448FEB8), ref: 6C03FC77
                                                                                                                                • WSACleanup.WS2_32 ref: 6C03FC8F
                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,00000001,00000000,6C0E6598), ref: 6C03FCC6
                                                                                                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 6C03FCEA
                                                                                                                                • _strpbrk.LIBCMT ref: 6C03FCF8
                                                                                                                                • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 6C03FD1F
                                                                                                                                • GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 6C03FD36
                                                                                                                                • GetSystemDirectoryA.KERNEL32(00000000,00000000), ref: 6C03FD55
                                                                                                                                • GetSystemDirectoryA.KERNEL32(00000000,00000000), ref: 6C03FD76
                                                                                                                                • LoadLibraryA.KERNEL32(00000000), ref: 6C03FDCE
                                                                                                                                • GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 6C03FDF6
                                                                                                                                • VerSetConditionMask.KERNEL32(?,?,00000000,00000000,00000002,00000003), ref: 6C03FE4E
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003,?,?,00000000,00000000,00000002,00000003), ref: 6C03FE56
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003,?,?,00000000,00000000,00000002,00000003), ref: 6C03FE5E
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000010,00000003,?,00000020,00000003,?,00000001,00000003,?,?,00000000,00000000,00000002,00000003), ref: 6C03FE66
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,00000003,?,00000020,00000003,?,00000001,00000003,?,?,00000000), ref: 6C03FE6E
                                                                                                                                • VerifyVersionInfoA.KERNEL32(?,00000033,00000000), ref: 6C03FE79
                                                                                                                                • QueryPerformanceFrequency.KERNEL32(6C0E7820,?,?,00000008,00000001,?,00000010,00000003,?,00000020,00000003,?,00000001,00000003), ref: 6C03FE97
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: ConditionMask$AddressProc$DirectoryLibraryLoadSystem$CleanupFrequencyHandleInfoModulePerformanceQueryStartupVerifyVersion_strpbrk
                                                                                                                                • String ID: AddDllDirectory$LoadLibraryExA$if_nametoindex$iphlpapi.dll$kernel32
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Name '%s' family %i resolved to '%s' family %i, xrefs: 6C03EDEE
                                                                                                                                • Bind to local port %hu failed, trying next, xrefs: 6C03EEE5
                                                                                                                                • Couldn't bind to interface '%s', xrefs: 6C03ED5D
                                                                                                                                • Local Interface %s is ip %s using address family %i, xrefs: 6C03ECCE
                                                                                                                                • Couldn't bind to '%s', xrefs: 6C03EE64
                                                                                                                                • Local port: %hu, xrefs: 6C03EFBB
                                                                                                                                • getsockname() failed with errno %d: %s, xrefs: 6C03EF6A
                                                                                                                                • bind failed with errno %d: %s, xrefs: 6C03EFA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: bindhtons$___from_strstr_to_strchr
                                                                                                                                • String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C00A577
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6C00A5DF
                                                                                                                                • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6C00A666
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 6C00A683
                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 6C00A693
                                                                                                                                • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 6C00A6AE
                                                                                                                                • CertFindCertificateInStore.CRYPT32(?,00010001,00000000,000B0000,?,00000000), ref: 6C00A6F3
                                                                                                                                • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C00A70C
                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 6C00A716
                                                                                                                                • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 6C00A72C
                                                                                                                                • LocalFree.KERNEL32(?,?,?), ref: 6C00A864
                                                                                                                                • CertFreeCertificateContext.CRYPT32(?), ref: 6C00A875
                                                                                                                                • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C00A88B
                                                                                                                                • CryptMsgClose.CRYPT32(00000000), ref: 6C00A8A0
                                                                                                                                Strings
                                                                                                                                • '; actual: ', xrefs: 6C00A792
                                                                                                                                • Fallback verification failed ... expected: ', xrefs: 6C00A784
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Cert$Crypt$Local$AllocCertificateCloseFreeNameParamStoreString$ContextFindH_prolog3_catch_ObjectPathQueryTemp
                                                                                                                                • String ID: '; actual: '$Fallback verification failed ... expected: '
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • Server doesn't support multiplex (yet), xrefs: 6C0380D0
                                                                                                                                • Multiplexed connection found!, xrefs: 6C038827
                                                                                                                                • Found pending candidate for reuse and CURLOPT_PIPEWAIT is set, xrefs: 6C03887E
                                                                                                                                • can multiplex, xrefs: 6C038079, 6C038081
                                                                                                                                • Can not multiplex, even if we wanted to!, xrefs: 6C038113
                                                                                                                                • Connection #%ld is still name resolving, can't reuse, xrefs: 6C03818C
                                                                                                                                • serially, xrefs: 6C038074
                                                                                                                                • Server doesn't support multiplex yet, wait, xrefs: 6C0380AB
                                                                                                                                • Could multiplex, but not asked to!, xrefs: 6C0380FA
                                                                                                                                • Connection #%ld isn't open enough, can't reuse, xrefs: 6C0381B3
                                                                                                                                • Found bundle for host %s: %p [%s], xrefs: 6C038087
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Can not multiplex, even if we wanted to!$Connection #%ld is still name resolving, can't reuse$Connection #%ld isn't open enough, can't reuse$Could multiplex, but not asked to!$Found bundle for host %s: %p [%s]$Found pending candidate for reuse and CURLOPT_PIPEWAIT is set$Multiplexed connection found!$Server doesn't support multiplex (yet)$Server doesn't support multiplex yet, wait$can multiplex$serially
                                                                                                                                • API String ID: 0-2774518510
                                                                                                                                • Opcode ID: 3d899eafc1f2121f5c08898266bb920ff6c392cae1d022cd65d2aa2b50d8bb1b
                                                                                                                                • Instruction ID: 3927f56378cb42ae0ee6e9087bca74873bbd3a48d0969378d7ba3c655450ddaa
                                                                                                                                • Opcode Fuzzy Hash: 3d899eafc1f2121f5c08898266bb920ff6c392cae1d022cd65d2aa2b50d8bb1b
                                                                                                                                • Instruction Fuzzy Hash: 5442D37160C6A39BD7128E358884BDA7BE66F0230CF5827D7D99CCBA02D732E649C751
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: public key hash: sha256//%s$-----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$;sha256//$Z$Z$sha256//
                                                                                                                                • API String ID: 0-3683022508
                                                                                                                                • Opcode ID: cffbc1ad0db1854a4089679c85b2c17a46e71eea246f656ce055a271449ce185
                                                                                                                                • Instruction ID: a503aef9926d2f7c0afcab6424b81ee5800a73fec3e6df59d93dc89df872a287
                                                                                                                                • Opcode Fuzzy Hash: cffbc1ad0db1854a4089679c85b2c17a46e71eea246f656ce055a271449ce185
                                                                                                                                • Instruction Fuzzy Hash: C0C13972A0C3624BDB114E28CD4075A7BF5BF8631CF585758E8ED87B91DB31E40A8792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • GetACP.KERNEL32(?,?,?,?,?,?,6C0A53EC,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6C0AE930
                                                                                                                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6C0A53EC,?,?,?,00000055,?,-00000050,?,?), ref: 6C0AE95B
                                                                                                                                • _wcschr.LIBVCRUNTIME ref: 6C0AE9EF
                                                                                                                                • _wcschr.LIBVCRUNTIME ref: 6C0AE9FD
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6C0AEABE
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                • String ID: utf8
                                                                                                                                • API String ID: 4147378913-905460609
                                                                                                                                • Opcode ID: 870650095e12318f42d5ec69f89d849581d539706df600c036c8693a7febb9db
                                                                                                                                • Instruction ID: d919ecc2465019bc22c348144dd42a0407a0712f0ffae8ee633e7e4321f759d5
                                                                                                                                • Opcode Fuzzy Hash: 870650095e12318f42d5ec69f89d849581d539706df600c036c8693a7febb9db
                                                                                                                                • Instruction Fuzzy Hash: 41711931600702AAEB14DBF5CC45BAA73E8EF49708F100529E539D7A82EB70F56687E4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32 ref: 6C02A463
                                                                                                                                • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,?,00000000), ref: 6C02A49F
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C02A4AE
                                                                                                                                • GetLastError.KERNEL32 ref: 6C02A4FD
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6C02A508
                                                                                                                                Strings
                                                                                                                                • Unknown error %u (0x%08X), xrefs: 6C02A4DA
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$FormatMessage___from_strstr_to_strchr
                                                                                                                                • String ID: Unknown error %u (0x%08X)
                                                                                                                                • API String ID: 2059190824-1058733786
                                                                                                                                • Opcode ID: 4e9e2a1ec6e81ad19943c50581d44f07bb5e38da76f29ec9118f872e7e58ef99
                                                                                                                                • Instruction ID: 3588354c9c261179a6b35b53e9db8e400da67f22225777ac8a61003841ec47e5
                                                                                                                                • Opcode Fuzzy Hash: 4e9e2a1ec6e81ad19943c50581d44f07bb5e38da76f29ec9118f872e7e58ef99
                                                                                                                                • Instruction Fuzzy Hash: 5311363024A341AFE7109A659C0CB4FBBECAF82B59F34045AF44A87A82DF64D8408371
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
                                                                                                                                • API String ID: 0-2102732564
                                                                                                                                • Opcode ID: f0bdfab91b1d850ca07963b362f422b8c5c2baa57da1ffdcceca1e01f18e1d2d
                                                                                                                                • Instruction ID: e9d0c695547ddd51eb1700543edf79edd75ca00ab4ea5195c6885d980a5d3552
                                                                                                                                • Opcode Fuzzy Hash: f0bdfab91b1d850ca07963b362f422b8c5c2baa57da1ffdcceca1e01f18e1d2d
                                                                                                                                • Instruction Fuzzy Hash: 0E515B72704B059BE708DD2DDC90F6FB1D5E788318F88893CF946D7B92E2A8DD054292
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,6C0AF319,00000002,00000000,?,?,?,6C0AF319,?,00000000), ref: 6C0AF094
                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,6C0AF319,00000002,00000000,?,?,?,6C0AF319,?,00000000), ref: 6C0AF0BD
                                                                                                                                • GetACP.KERNEL32(?,?,6C0AF319,?,00000000), ref: 6C0AF0D2
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID: ACP$OCP
                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                • Opcode ID: 3faea46f101add6ba27b70cc219daa84f8d93dee1970725f1f20d43e0a0bfbf0
                                                                                                                                • Instruction ID: 9d7cc6fc0917c5aa32614664a4ba7fe97fa579f1d06f8564ef7cecea65d73dfe
                                                                                                                                • Opcode Fuzzy Hash: 3faea46f101add6ba27b70cc219daa84f8d93dee1970725f1f20d43e0a0bfbf0
                                                                                                                                • Instruction Fuzzy Hash: 0E21B332744201AAE7249FDBC900F8B73FEAB45B59B578564EA09D7912EB33DD42C350
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %%25%s]$%ld$%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$file$file://%s%s%s$https
                                                                                                                                • API String ID: 0-1832275178
                                                                                                                                • Opcode ID: 398eaf6ab086eaa3a94c261827125bf5a5eebe1d27791d363b822d1a39c9be1c
                                                                                                                                • Instruction ID: 3e39ba4fa313820efbeb1ed691a9b76536eaa133e4373f48f2b882fdb9e8cff9
                                                                                                                                • Opcode Fuzzy Hash: 398eaf6ab086eaa3a94c261827125bf5a5eebe1d27791d363b822d1a39c9be1c
                                                                                                                                • Instruction Fuzzy Hash: 02F1D2B16083019FDB10CF2AC841B6BB7E5AF89358F54492DE89AD7F50D735EA048B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A351E
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A3554
                                                                                                                                • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6C0AF2DC
                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 6C0AF325
                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 6C0AF334
                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6C0AF37C
                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6C0AF39B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 949163717-0
                                                                                                                                • Opcode ID: 712f30ca78c06a996400dc3bce59f2353aca155059b4c8b3c698ef887b0e7ef6
                                                                                                                                • Instruction ID: bbaec61fbe1ff00483139fe80076f49bb725cf553282c1a982d3659d4d4ef92d
                                                                                                                                • Opcode Fuzzy Hash: 712f30ca78c06a996400dc3bce59f2353aca155059b4c8b3c698ef887b0e7ef6
                                                                                                                                • Instruction Fuzzy Hash: 55515E76A01215ABEF00DFE4CC44BEE77FCAF09704F204469EA25E7581DB71E9468B61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Onl$Onl
                                                                                                                                • API String ID: 0-3897840060
                                                                                                                                • Opcode ID: 99950bee08baeb8ec4ccbcd4ce94d7fca5ae0121d729b2710249be8953e12ed5
                                                                                                                                • Instruction ID: 2cd48123eef15acf24cf79fc4cebf5a4ac8fd733220ecb4d95f19c3d90a9dff2
                                                                                                                                • Opcode Fuzzy Hash: 99950bee08baeb8ec4ccbcd4ce94d7fca5ae0121d729b2710249be8953e12ed5
                                                                                                                                • Instruction Fuzzy Hash: CFF13D72E012199BDF14CFADC88079DBBF1FF88314F258269D919AB745D731A941CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$<$GMT
                                                                                                                                • API String ID: 0-1549881504
                                                                                                                                • Opcode ID: 2ca6f70717abeb95dbb94df3fa61bd04716d727b87fa9fd1a8dee4a6e49f58b7
                                                                                                                                • Instruction ID: 6485050bf63bd765adfd284b100ddf438454f72e142f7e506223d11c57133af4
                                                                                                                                • Opcode Fuzzy Hash: 2ca6f70717abeb95dbb94df3fa61bd04716d727b87fa9fd1a8dee4a6e49f58b7
                                                                                                                                • Instruction Fuzzy Hash: 0CF17F71A083018FC714DE69884075FF6E5ABC9368F548B3EF5B9D7A90E730E9458B82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6C08C583
                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 6C08C64F
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C08C66F
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 6C08C679
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 254469556-0
                                                                                                                                • Opcode ID: 789c69b5032787c091c0b691a7ccc711f5cfc2066fe6a26d00299cf58ea4bfd3
                                                                                                                                • Instruction ID: 029c10cb19ed0a9c923f7d14c312ad26fca2d9e83a6e8226fca2ac28d3fecb01
                                                                                                                                • Opcode Fuzzy Hash: 789c69b5032787c091c0b691a7ccc711f5cfc2066fe6a26d00299cf58ea4bfd3
                                                                                                                                • Instruction Fuzzy Hash: AC311A75D0621C9BDF10DFA4C949BCCBBF8BF08304F1081AAE50DA7250EB719A888F45
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A351E
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A3554
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C0AECD6
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C0AED20
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C0AEDE6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale$ErrorLast_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3140898709-0
                                                                                                                                • Opcode ID: 067ee1b5eccae4ed42dae52030c6d5b529cf812768aab9958092c31b1d139800
                                                                                                                                • Instruction ID: 730ae84be01a98ef60cf4920a30b6ab1711bf533c25824376cd0f2da3763f359
                                                                                                                                • Opcode Fuzzy Hash: 067ee1b5eccae4ed42dae52030c6d5b529cf812768aab9958092c31b1d139800
                                                                                                                                • Instruction Fuzzy Hash: 606181715042079FEB15CFE9CD82BAA77E8EF04308F104169D925C6A86F774E9A6CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6C09005B
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6C090065
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 6C090072
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                • Opcode ID: e80cbd788124b5df1230af7428b9ae02958b49626c014a509563e45feb6e050c
                                                                                                                                • Instruction ID: 3a643568c1de9db938c1cb8b41a8ccd6609bf3bbbbaa0eb345f4f4ee65dd8ec9
                                                                                                                                • Opcode Fuzzy Hash: e80cbd788124b5df1230af7428b9ae02958b49626c014a509563e45feb6e050c
                                                                                                                                • Instruction Fuzzy Hash: 7931B7759012289BCF21DF64D8887DCBBF8BF08714F5086EAE41CA7250EB709B858F44
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,6C09FB16,?,00000074,?,?,?,?), ref: 6C09FB39
                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,6C09FB16,?,00000074,?,?,?,?), ref: 6C09FB40
                                                                                                                                • ExitProcess.KERNEL32 ref: 6C09FB52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                • Opcode ID: bba0f1f9ca05a92bf9bd29f1c124fa488f50494cb100d24d32d046568cc620f4
                                                                                                                                • Instruction ID: 4ae824116423922480488f3fbf5578a6891d1bf5e83d7fd01cea5d155c48a5b8
                                                                                                                                • Opcode Fuzzy Hash: bba0f1f9ca05a92bf9bd29f1c124fa488f50494cb100d24d32d046568cc620f4
                                                                                                                                • Instruction Fuzzy Hash: D7E0B631501548ABCF11AF54CA58B897BBAEB42749F204914F90996A31CB36E986EE84
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetSystemTimePreciseAsFileTime.KERNEL32(?,6C073EF5,00000016,00000002,00000002,?,6C073F2A,?,00000002,6C019B36,00000002,00000002,?,6C0740C5,00000000,00000001), ref: 6C078EAD
                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000016,00000002,?,6C073EF5,00000016,00000002,00000002,?,6C073F2A,?,00000002,6C019B36,00000002,00000002,?,6C0740C5), ref: 6C078EB1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Time$FileSystem$Precise
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 743729956-0
                                                                                                                                • Opcode ID: b6077900d1b6cc77c7e88b105f0c1a7e40a1234d8225e677f5f22609f3f8eb65
                                                                                                                                • Instruction ID: ba7e6ddf65fbfec94f8193d8c6ed493ae2b8f7e87b7ef13aed7043018ad94fa8
                                                                                                                                • Opcode Fuzzy Hash: b6077900d1b6cc77c7e88b105f0c1a7e40a1234d8225e677f5f22609f3f8eb65
                                                                                                                                • Instruction Fuzzy Hash: FED0C932A46538AB8E156B98D80499DBFA9EA0AB613540126FA05AA614CF7259004BE9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 92a60d148579458dbb07530c5aa839364fe076d082f2451256c0497df77e7683
                                                                                                                                • Instruction ID: f7044a67b88ded690fc850c8d1d53e53016faa7ef351229ced182d1c9121e804
                                                                                                                                • Opcode Fuzzy Hash: 92a60d148579458dbb07530c5aa839364fe076d082f2451256c0497df77e7683
                                                                                                                                • Instruction Fuzzy Hash: 39D1C071A493468FD710CF69C84076AB7E5FF88309F544A2DE8E8D7790E738E9058B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 6C0A0CD7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                • Opcode ID: d10b22750bb6df3117e0914c5a4055698aa21a7d5e4791ca01b300487fbdc0c0
                                                                                                                                • Instruction ID: 571c2b9d4ea022ed2105fc19b8947a1c1bef4d84ab1fe603635d67c06a539da3
                                                                                                                                • Opcode Fuzzy Hash: d10b22750bb6df3117e0914c5a4055698aa21a7d5e4791ca01b300487fbdc0c0
                                                                                                                                • Instruction Fuzzy Hash: 10B16D32214649DFDB05CF98C486B557BE0FF4536CF258658E8AACF6A2C335E982CB40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6C08C3B0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                • Opcode ID: d94d3542fbe82923eb29a9e771017c96795171c95b8f10af58a8c1cbb46803c6
                                                                                                                                • Instruction ID: 7705244cf53401781fb1b1ce0d631a6ed13cc18f84b524a193c858750358576e
                                                                                                                                • Opcode Fuzzy Hash: d94d3542fbe82923eb29a9e771017c96795171c95b8f10af58a8c1cbb46803c6
                                                                                                                                • Instruction Fuzzy Hash: D9516CB1A46205CFDF44CFA5C481BAABBF0FB49B14F20826AD415EB681DB74A941CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A351E
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A3554
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C0AEF29
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_free$InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2003897158-0
                                                                                                                                • Opcode ID: 698191ba910f5bce488f61cf8f31538bbf1239a84084dd31cf26d30a73ff05d6
                                                                                                                                • Instruction ID: 0012f578237a19eee36ff8c932bca3ac9cd0248deffb1d22ff196020daa18197
                                                                                                                                • Opcode Fuzzy Hash: 698191ba910f5bce488f61cf8f31538bbf1239a84084dd31cf26d30a73ff05d6
                                                                                                                                • Instruction Fuzzy Hash: 3821C572605216AFDB188EE5CC41BBA77ECEF48308F10017AED25C7642EB34ED568790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • EnumSystemLocalesW.KERNEL32(6C0AEC82,00000001,00000000,?,-00000050,?,6C0AF2B0,00000000,?,?,?,00000055,?), ref: 6C0AEBCE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                • Opcode ID: 7534fbb1744b4ddf307b1ac12dc3d7885f8c678abfc912036b3e88a72fcb0cd0
                                                                                                                                • Instruction ID: 7649c9f4ee5fdce1fcea5e22fc06f334f131fe7e1e3f3190a67ab4880c27ce5a
                                                                                                                                • Opcode Fuzzy Hash: 7534fbb1744b4ddf307b1ac12dc3d7885f8c678abfc912036b3e88a72fcb0cd0
                                                                                                                                • Instruction Fuzzy Hash: 171102362043019FDB189FB988946AABBE1FB8436CB18452CD99787F41D371B913CB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6C0AEE9E,00000000,00000000,?), ref: 6C0AF12D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3736152602-0
                                                                                                                                • Opcode ID: bf255157914eabf0eddb14b0802c6c125830d3aa1e6a9388e89e2bd52339ba26
                                                                                                                                • Instruction ID: 3811a7c6101307455800d6f6dd25f743946fab17a5a8bdace18d65d5d4c2c76d
                                                                                                                                • Opcode Fuzzy Hash: bf255157914eabf0eddb14b0802c6c125830d3aa1e6a9388e89e2bd52339ba26
                                                                                                                                • Instruction Fuzzy Hash: 4DF08132640216ABDB249AE5C845BAB77ECEB40B58F114428DD25E3681EA74F943C690
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A351E
                                                                                                                                  • Part of subcall function 6C0A34BC: _free.LIBCMT ref: 6C0A3554
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6C0AEABE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_free$InfoLocale
                                                                                                                                • String ID: utf8
                                                                                                                                • API String ID: 2003897158-905460609
                                                                                                                                • Opcode ID: 8ed93e0d05a6477a5e3dab011d33d35c6f12c2013ff5953e9ecef47ffa25d825
                                                                                                                                • Instruction ID: 37edcc667eb2eb49fff0ebb8d5e096b877d1a804c4629a9e5b9152194bae6d13
                                                                                                                                • Opcode Fuzzy Hash: 8ed93e0d05a6477a5e3dab011d33d35c6f12c2013ff5953e9ecef47ffa25d825
                                                                                                                                • Instruction Fuzzy Hash: 46F0F432604205ABCB149BB8C849FFA73ECDB49314B100179E516D7281EA38FD098790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • EnumSystemLocalesW.KERNEL32(6C0AEED5,00000001,00000007,?,-00000050,?,6C0AF274,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 6C0AEC41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                • Opcode ID: 04981a93fa203225fa9770c0d3c99e67968cde5df46b81094dae2821f6d381d8
                                                                                                                                • Instruction ID: bb2f997168446d88c7baf5d83dd8399b5c3bd9218184d02dc4f93d2ede3f2e5f
                                                                                                                                • Opcode Fuzzy Hash: 04981a93fa203225fa9770c0d3c99e67968cde5df46b81094dae2821f6d381d8
                                                                                                                                • Instruction Fuzzy Hash: 21F0F6362043046FDB149FF58C84BAABBE5EF8036CF15852DE9594BA42C675A843D690
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C09C8EE: EnterCriticalSection.KERNEL32(?,?,6C09F7BC,00000000,6C0E0EE8,0000000C,6C09F783,?,?,6C0A3741,?,?,6C0A365E,00000001,00000364,00000008), ref: 6C09C8FD
                                                                                                                                • EnumSystemLocalesW.KERNEL32(6C0A37A5,00000001,6C0E10C8,0000000C,6C0A3C10,00000000), ref: 6C0A37EA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1272433827-0
                                                                                                                                • Opcode ID: b1932fa1d1018d6860a228b53eeef391fe9add1c4dffbfeb8c5c8bf107338dea
                                                                                                                                • Instruction ID: 793e2f7d38549f7ab72b7f16f7346eb3932e5c7bfa41b6af3df4b615bfa8df71
                                                                                                                                • Opcode Fuzzy Hash: b1932fa1d1018d6860a228b53eeef391fe9add1c4dffbfeb8c5c8bf107338dea
                                                                                                                                • Instruction Fuzzy Hash: 2AF0A972A44204EFDB50DF98E400B8D7BF0FB0A729F10422AE411DB790CB75A9058F80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,6C088D25,00000000,?,00000004,6C087A35,?,00000004,6C087D6A,00000000,00000000), ref: 6C08AE19
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                • Opcode ID: 1d8382a4ba460e62b82d826fb6e25919ce24d0d29b9ef5b14d4bc36e74819daa
                                                                                                                                • Instruction ID: aa0b16c9c169ebbde6357654be906752f06ad21495e5774b5643afcd5061ac39
                                                                                                                                • Opcode Fuzzy Hash: 1d8382a4ba460e62b82d826fb6e25919ce24d0d29b9ef5b14d4bc36e74819daa
                                                                                                                                • Instruction Fuzzy Hash: 1DE04832696104B5DF019B789D0BFBE76ECE70171DF708551E102E6DD1DAA2CA40A165
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • EnumSystemLocalesW.KERNEL32(6C0AEA6A,00000001,00000007,?,?,6C0AF2D2,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6C0AEB48
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                • Opcode ID: a5db401db4d2295a6101dca46a92843442c54da8a5df26f241feb91c4b8cd36c
                                                                                                                                • Instruction ID: 2a983ced7750071cd21b50bcb0ab2689fa2583feb8b237e1a1a6351f98c48c49
                                                                                                                                • Opcode Fuzzy Hash: a5db401db4d2295a6101dca46a92843442c54da8a5df26f241feb91c4b8cd36c
                                                                                                                                • Instruction Fuzzy Hash: ECF0EC3630020557C7049FB5C85479A7FE4FFC2754F4A405DEA1A8B641C635E943C794
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLocalTime.KERNEL32(6C0133CA,6C0133CA,00000000), ref: 6C0134BB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LocalTime
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 481472006-0
                                                                                                                                • Opcode ID: 41af83434ae291ea537daa8ece73a4a35b52e7e2b41017ebfae952e173b3b263
                                                                                                                                • Instruction ID: f98b23a61ab1ec62785e5ebba473931158701826541a51f86dfdf17ab2b8ac0f
                                                                                                                                • Opcode Fuzzy Hash: 41af83434ae291ea537daa8ece73a4a35b52e7e2b41017ebfae952e173b3b263
                                                                                                                                • Instruction Fuzzy Hash: 81F08975A00219DBCF04DBA9C5656BEF7F8AF1D704B50807AEC43EBA40D634EA01D664
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6C0A5F69,?,20001004,00000000,00000002,?,?,6C0A5554), ref: 6C0A3D9F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                • Opcode ID: a6009c97363b11d4ba46a6fc53ca7cb10f708bcc6a54b4074dcd447ad25b7803
                                                                                                                                • Instruction ID: 1fe8de2b4c3064497b5c5638c4a31b231e7e91ec55997a1067f31f5a5a92e9e2
                                                                                                                                • Opcode Fuzzy Hash: a6009c97363b11d4ba46a6fc53ca7cb10f708bcc6a54b4074dcd447ad25b7803
                                                                                                                                • Instruction Fuzzy Hash: FAE01A35500628BBCF025FE1DC08BDE3EA6EF49751F104014F90467611CB36D9229AE4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                • Opcode ID: 5d7d78accaccfc4ccc36b269100391a62698497ed3819eb71aa7df9200705f6b
                                                                                                                                • Instruction ID: 59f23bd722f80508e1951c2cfcf3353b107a81a5e5e1ce4946ef56bcbb3ef124
                                                                                                                                • Opcode Fuzzy Hash: 5d7d78accaccfc4ccc36b269100391a62698497ed3819eb71aa7df9200705f6b
                                                                                                                                • Instruction Fuzzy Hash: EB61AA70744B0856DB188A6848B17BE73F5AB8DB0CF50361ED45EDBEE0C722A845EF01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %lx
                                                                                                                                • API String ID: 0-1448181948
                                                                                                                                • Opcode ID: 757fdbe9ffa709da5dc5b1ee45a7172d1c9c4a71662f2738734dd38c693f3755
                                                                                                                                • Instruction ID: b438e01abb316637edc8573b9c0e084af85da9ea0ca13cee94c67ffb2bd78caf
                                                                                                                                • Opcode Fuzzy Hash: 757fdbe9ffa709da5dc5b1ee45a7172d1c9c4a71662f2738734dd38c693f3755
                                                                                                                                • Instruction Fuzzy Hash: D0714B32608B514BC714CE2DC88035EB7E1AFC5728F18472DE9A5CBAC5EB75E949C781
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                • Opcode ID: fb4a8737afae48788d5ed122cbf6d374dc4378295cb40c028dbc1ba9e6af39a0
                                                                                                                                • Instruction ID: e98dd9f314bdd2440cda1688f09027482ed86731d84090177b80c43e14f1aa35
                                                                                                                                • Opcode Fuzzy Hash: fb4a8737afae48788d5ed122cbf6d374dc4378295cb40c028dbc1ba9e6af39a0
                                                                                                                                • Instruction Fuzzy Hash: C7519B30245648AADB14C92888FCBEE77E99B0630CF50312ED497D7F91DB12E949F702
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: bd4dd410636fca979cd12018a411903defeafd0ce8f67b1d8a7594267dd64ae8
                                                                                                                                • Instruction ID: 7967562a1f481db34c4bc0fa41c44d6f07a93326eff9138242ca321939cb5bec
                                                                                                                                • Opcode Fuzzy Hash: bd4dd410636fca979cd12018a411903defeafd0ce8f67b1d8a7594267dd64ae8
                                                                                                                                • Instruction Fuzzy Hash: B032C034A0020ADFCB04CF99C891BAEBBF5EF45308F284169ED55A7715D732AE06DB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 038a5718a4da0333f721da7f94a5d178d3d11a59edcf17d30470c54a9a0d50ec
                                                                                                                                • Instruction ID: aed9aefffd7d2c6ae36865e6abb19a9697f57da60e2ab7a40ca9c7130427d0e0
                                                                                                                                • Opcode Fuzzy Hash: 038a5718a4da0333f721da7f94a5d178d3d11a59edcf17d30470c54a9a0d50ec
                                                                                                                                • Instruction Fuzzy Hash: B3320521E29F414DDB239574C822329B29CAFB73C9F15D727E829B5D9AEF39C5834101
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 293394a9036142bd51d92c2fed5406e9efe1a8758414e7099d512f3cd788963b
                                                                                                                                • Instruction ID: 7b0c986e1d4503634c53d3694285487dc7ddd3d6c7d986e0f017616330bd5e06
                                                                                                                                • Opcode Fuzzy Hash: 293394a9036142bd51d92c2fed5406e9efe1a8758414e7099d512f3cd788963b
                                                                                                                                • Instruction Fuzzy Hash: 6561E375A002289BCB68CF29C8916D9F7F1BB88314F0582EAD949E7340D774AED5CF94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • SEC_E_CRYPTO_SYSTEM_INVALID, xrefs: 6C029DF1
                                                                                                                                • %s (0x%08X), xrefs: 6C029D1D
                                                                                                                                • SEC_E_TIME_SKEW, xrefs: 6C029FDB
                                                                                                                                • SEC_I_INCOMPLETE_CREDENTIALS, xrefs: 6C02A098
                                                                                                                                • SEC_E_INCOMPLETE_MESSAGE, xrefs: 6C029E37
                                                                                                                                • SEC_E_QOP_NOT_SUPPORTED, xrefs: 6C029F6D
                                                                                                                                • SEC_E_MAX_REFERRALS_EXCEEDED, xrefs: 6C029EC3
                                                                                                                                • SEC_E_NO_IP_ADDRESSES, xrefs: 6C029F13
                                                                                                                                • SEC_E_UNSUPPORTED_FUNCTION, xrefs: 6C02A003
                                                                                                                                • SEC_E_DELEGATION_POLICY, xrefs: 6C029E05
                                                                                                                                • SEC_E_CERT_WRONG_USAGE, xrefs: 6C029DD3
                                                                                                                                • SEC_E_NO_CREDENTIALS, xrefs: 6C029EFF
                                                                                                                                • SEC_E_BUFFER_TOO_SMALL, xrefs: 6C029DA1
                                                                                                                                • SEC_E_INSUFFICIENT_MEMORY, xrefs: 6C029E41
                                                                                                                                • SEC_E_NO_AUTHENTICATING_AUTHORITY, xrefs: 6C029EF5
                                                                                                                                • SEC_E_NO_TGT_REPLY, xrefs: 6C029F3B
                                                                                                                                • SEC_I_CONTINUE_NEEDED, xrefs: 6C02A057
                                                                                                                                • SEC_E_WRONG_PRINCIPAL, xrefs: 6C02A02B
                                                                                                                                • SEC_E_UNKNOWN_CREDENTIALS, xrefs: 6C029FF9
                                                                                                                                • SEC_E_ALGORITHM_MISMATCH, xrefs: 6C029D16
                                                                                                                                • SEC_E_OUT_OF_SEQUENCE, xrefs: 6C029F45
                                                                                                                                • SEC_E_UNFINISHED_CONTEXT_DELETED, xrefs: 6C029FEF
                                                                                                                                • SEC_E_SMARTCARD_CERT_REVOKED, xrefs: 6C029FB3
                                                                                                                                • SEC_E_CROSSREALM_DELEGATION_FAILURE, xrefs: 6C029DE7
                                                                                                                                • SEC_E_INVALID_PARAMETER, xrefs: 6C029E5F
                                                                                                                                • SEC_E_CANNOT_PACK, xrefs: 6C029DB5
                                                                                                                                • SEC_E_NOT_OWNER, xrefs: 6C029EEB
                                                                                                                                • SEC_E_INTERNAL_ERROR, xrefs: 6C029E4B
                                                                                                                                • SEC_E_KDC_CERT_REVOKED, xrefs: 6C029E91
                                                                                                                                • SEC_E_TARGET_UNKNOWN, xrefs: 6C029FD1
                                                                                                                                • SEC_E_DECRYPT_FAILURE, xrefs: 6C029DFB
                                                                                                                                • SEC_E_SMARTCARD_CERT_EXPIRED, xrefs: 6C029FA9
                                                                                                                                • SEC_E_KDC_UNKNOWN_ETYPE, xrefs: 6C029EAF
                                                                                                                                • SEC_E_POLICY_NLTM_ONLY, xrefs: 6C029F63
                                                                                                                                • SEC_E_UNTRUSTED_ROOT, xrefs: 6C02A017
                                                                                                                                • SEC_E_BAD_BINDINGS, xrefs: 6C029D90
                                                                                                                                • SEC_I_RENEGOTIATE, xrefs: 6C02A0B6
                                                                                                                                • SEC_E_SMARTCARD_LOGON_REQUIRED, xrefs: 6C029FBD
                                                                                                                                • SEC_E_DELEGATION_REQUIRED, xrefs: 6C029E0F
                                                                                                                                • SEC_E_BAD_PKGID, xrefs: 6C029D97
                                                                                                                                • %s - %s, xrefs: 6C02A10F
                                                                                                                                • SEC_E_INVALID_TOKEN, xrefs: 6C029E69
                                                                                                                                • CRYPT_E_REVOKED, xrefs: 6C02A035
                                                                                                                                • SEC_I_LOCAL_LOGON, xrefs: 6C02A0A2
                                                                                                                                • SEC_E_SECPKG_NOT_FOUND, xrefs: 6C029F8B
                                                                                                                                • SEC_E_WRONG_CREDENTIAL_HANDLE, xrefs: 6C02A021
                                                                                                                                • SEC_E_CANNOT_INSTALL, xrefs: 6C029DAB
                                                                                                                                • SEC_I_COMPLETE_AND_CONTINUE, xrefs: 6C02A07A
                                                                                                                                • SEC_E_DOWNGRADE_DETECTED, xrefs: 6C029E19
                                                                                                                                • No error, xrefs: 6C02A04D
                                                                                                                                • SEC_E_NO_KERB_KEY, xrefs: 6C029F1D
                                                                                                                                • SEC_E_KDC_UNABLE_TO_REFER, xrefs: 6C029EA5
                                                                                                                                • SEC_E_STRONG_CRYPTO_NOT_SUPPORTED, xrefs: 6C029FC7
                                                                                                                                • SEC_E_ISSUING_CA_UNTRUSTED_KDC, xrefs: 6C029E7D
                                                                                                                                • SEC_E_TOO_MANY_PRINCIPALS, xrefs: 6C029FE5
                                                                                                                                • SEC_E_NO_IMPERSONATION, xrefs: 6C029F09
                                                                                                                                • SEC_E_NO_S4U_PROT_SUPPORT, xrefs: 6C029F31
                                                                                                                                • SEC_E_SHUTDOWN_IN_PROGRESS, xrefs: 6C029F9F
                                                                                                                                • SEC_E_UNSUPPORTED_PREAUTH, xrefs: 6C02A00D
                                                                                                                                • SEC_E_KDC_CERT_EXPIRED, xrefs: 6C029E87
                                                                                                                                • Unknown error, xrefs: 6C02A0CA
                                                                                                                                • SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 6C02A0E0
                                                                                                                                • SEC_E_INCOMPLETE_CREDENTIALS, xrefs: 6C029E2D
                                                                                                                                • SEC_E_MUST_BE_KDC, xrefs: 6C029EE1
                                                                                                                                • SEC_E_MULTIPLE_ACCOUNTS, xrefs: 6C029ED7
                                                                                                                                • SEC_E_NO_PA_DATA, xrefs: 6C029F27
                                                                                                                                • SEC_E_MESSAGE_ALTERED, xrefs: 6C029ECD
                                                                                                                                • SEC_I_NO_LSA_CONTEXT, xrefs: 6C02A0AC
                                                                                                                                • SEC_E_ENCRYPT_FAILURE, xrefs: 6C029E23
                                                                                                                                • SEC_E_CERT_UNKNOWN, xrefs: 6C029DC9
                                                                                                                                • SEC_E_REVOCATION_OFFLINE_KDC, xrefs: 6C029F81
                                                                                                                                • SEC_I_CONTEXT_EXPIRED, xrefs: 6C02A08E
                                                                                                                                • SEC_I_SIGNATURE_NEEDED, xrefs: 6C02A0C0
                                                                                                                                • SEC_E_PKINIT_CLIENT_FAILURE, xrefs: 6C029F4F
                                                                                                                                • SEC_E_CONTEXT_EXPIRED, xrefs: 6C029DDD
                                                                                                                                • SEC_E_REVOCATION_OFFLINE_C, xrefs: 6C029F77
                                                                                                                                • SEC_E_ISSUING_CA_UNTRUSTED, xrefs: 6C029E73
                                                                                                                                • SEC_E_CERT_EXPIRED, xrefs: 6C029DBF
                                                                                                                                • SEC_E_INVALID_HANDLE, xrefs: 6C029E55
                                                                                                                                • SEC_E_LOGON_DENIED, xrefs: 6C029EB9
                                                                                                                                • SEC_E_SECURITY_QOS_FAILED, xrefs: 6C029F95
                                                                                                                                • SEC_I_COMPLETE_NEEDED, xrefs: 6C029D1C, 6C02A084
                                                                                                                                • SEC_E_KDC_INVALID_REQUEST, xrefs: 6C029E9B
                                                                                                                                • SEC_E_PKINIT_NAME_MISMATCH, xrefs: 6C029F59
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast
                                                                                                                                • String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ALGORITHM_MISMATCH$SEC_E_BAD_BINDINGS$SEC_E_BAD_PKGID$SEC_E_BUFFER_TOO_SMALL$SEC_E_CANNOT_INSTALL$SEC_E_CANNOT_PACK$SEC_E_CERT_EXPIRED$SEC_E_CERT_UNKNOWN$SEC_E_CERT_WRONG_USAGE$SEC_E_CONTEXT_EXPIRED$SEC_E_CROSSREALM_DELEGATION_FAILURE$SEC_E_CRYPTO_SYSTEM_INVALID$SEC_E_DECRYPT_FAILURE$SEC_E_DELEGATION_POLICY$SEC_E_DELEGATION_REQUIRED$SEC_E_DOWNGRADE_DETECTED$SEC_E_ENCRYPT_FAILURE$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_E_INCOMPLETE_CREDENTIALS$SEC_E_INCOMPLETE_MESSAGE$SEC_E_INSUFFICIENT_MEMORY$SEC_E_INTERNAL_ERROR$SEC_E_INVALID_HANDLE$SEC_E_INVALID_PARAMETER$SEC_E_INVALID_TOKEN$SEC_E_ISSUING_CA_UNTRUSTED$SEC_E_ISSUING_CA_UNTRUSTED_KDC$SEC_E_KDC_CERT_EXPIRED$SEC_E_KDC_CERT_REVOKED$SEC_E_KDC_INVALID_REQUEST$SEC_E_KDC_UNABLE_TO_REFER$SEC_E_KDC_UNKNOWN_ETYPE$SEC_E_LOGON_DENIED$SEC_E_MAX_REFERRALS_EXCEEDED$SEC_E_MESSAGE_ALTERED$SEC_E_MULTIPLE_ACCOUNTS$SEC_E_MUST_BE_KDC$SEC_E_NOT_OWNER$SEC_E_NO_AUTHENTICATING_AUTHORITY$SEC_E_NO_CREDENTIALS$SEC_E_NO_IMPERSONATION$SEC_E_NO_IP_ADDRESSES$SEC_E_NO_KERB_KEY$SEC_E_NO_PA_DATA$SEC_E_NO_S4U_PROT_SUPPORT$SEC_E_NO_TGT_REPLY$SEC_E_OUT_OF_SEQUENCE$SEC_E_PKINIT_CLIENT_FAILURE$SEC_E_PKINIT_NAME_MISMATCH$SEC_E_POLICY_NLTM_ONLY$SEC_E_QOP_NOT_SUPPORTED$SEC_E_REVOCATION_OFFLINE_C$SEC_E_REVOCATION_OFFLINE_KDC$SEC_E_SECPKG_NOT_FOUND$SEC_E_SECURITY_QOS_FAILED$SEC_E_SHUTDOWN_IN_PROGRESS$SEC_E_SMARTCARD_CERT_EXPIRED$SEC_E_SMARTCARD_CERT_REVOKED$SEC_E_SMARTCARD_LOGON_REQUIRED$SEC_E_STRONG_CRYPTO_NOT_SUPPORTED$SEC_E_TARGET_UNKNOWN$SEC_E_TIME_SKEW$SEC_E_TOO_MANY_PRINCIPALS$SEC_E_UNFINISHED_CONTEXT_DELETED$SEC_E_UNKNOWN_CREDENTIALS$SEC_E_UNSUPPORTED_FUNCTION$SEC_E_UNSUPPORTED_PREAUTH$SEC_E_UNTRUSTED_ROOT$SEC_E_WRONG_CREDENTIAL_HANDLE$SEC_E_WRONG_PRINCIPAL$SEC_I_COMPLETE_AND_CONTINUE$SEC_I_COMPLETE_NEEDED$SEC_I_CONTEXT_EXPIRED$SEC_I_CONTINUE_NEEDED$SEC_I_INCOMPLETE_CREDENTIALS$SEC_I_LOCAL_LOGON$SEC_I_NO_LSA_CONTEXT$SEC_I_RENEGOTIATE$SEC_I_SIGNATURE_NEEDED$Unknown error
                                                                                                                                • API String ID: 1452528299-3170461277
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: _strncpy
                                                                                                                                • String ID: Address already in use$Address family not supported$Address not available$Bad access$Bad argument$Bad file$Bad message size$Bad protocol$Bad quota$Blocking call in progress$Call interrupted$Call would block$Connection refused$Connection was aborted$Connection was reset$Descriptor is not a socket$Disconnected$Host down$Host not found$Host not found, try again$Host unreachable$Invalid arguments$Loop??$Name too long$Need destination address$Network down$Network has been reset$Network unreachable$No buffer space$No data record of requested type$Not empty$Operation not supported$Out of file descriptors$Process limit reached$Protocol family not supported$Protocol is unsupported$Protocol option is unsupported$Remote error$Socket has been shut down$Socket is already connected$Socket is not connected$Socket is unsupported$Something is stale$Timed out$Too many references$Too many users$Unrecoverable error in call to nameserver$Winsock library is not ready$Winsock library not initialised$Winsock version not supported
                                                                                                                                • API String ID: 2961919466-3442644082
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0238FA: __Getcoll.LIBCPMT ref: 6C02395F
                                                                                                                                  • Part of subcall function 6C0238FA: std::_Locinfo::~_Locinfo.LIBCPMT ref: 6C02397B
                                                                                                                                • __Getcoll.LIBCPMT ref: 6C088DAF
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088DC3
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088DD8
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088E16
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088E29
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088E6F
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088EA3
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088F5E
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088F71
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088F8E
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088FAB
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088FC8
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C088F00
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • numpunct.LIBCPMT ref: 6C089007
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C089017
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C08905B
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C08906E
                                                                                                                                • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6C08908B
                                                                                                                                Similarity
                                                                                                                                • API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$LocinfoLocinfo::~_Lockit::_Lockit::~_numpunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2951193202-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BEC5
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BF5D
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BF80
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BF93
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BFD1
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C02F
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C056
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C069
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C0BB
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C1DD
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C1E9
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C20F
                                                                                                                                Strings
                                                                                                                                • ** Resuming transfer from byte position %I64d, xrefs: 6C04BEF0
                                                                                                                                • %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 6C04BF03
                                                                                                                                • %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s, xrefs: 6C04C2F0
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %I64d
                                                                                                                                • API String ID: 885266447-664487449
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr$_strncpy
                                                                                                                                • String ID: ALL_PROXY$NO_PROXY$Uses proxy env variable %s == '%s'$_proxy$all_proxy$http_proxy$memory shortage$no_proxy
                                                                                                                                • API String ID: 280326283-1021110354
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • GCCC_ERROR_OSNOTSUPPORTED, xrefs: 6C0136F4, 6C01370B
                                                                                                                                • Chrome is already installed on the machine at system level., xrefs: 6C01383F, 6C013859
                                                                                                                                • Chrome supports two install models - user level(installation occurs in % USERPROFILE%) and system level (installation occurs in % PROGRAMFILES%). Both are incompatible with each other and only one can exist at any time for a use., xrefs: 6C0138C9, 6C0138E6
                                                                                                                                • Chrome already by partner offered to user within last 6 months, xrefs: 6C013951, 6C013968
                                                                                                                                • GCCC_ERROR_ALREADYOFFERED, xrefs: 6C013911, 6C013928
                                                                                                                                • User does not have sufficient privileges, xrefs: 6C0137B7, 6C0137D1
                                                                                                                                • GCCC_ERROR_ACCESSDENIED, xrefs: 6C013777, 6C01378E
                                                                                                                                • Machine Operating System does not support Chrome, xrefs: 6C013734, 6C01374E
                                                                                                                                • GCCC_ERROR_USERLEVELALREADYPRESENT, xrefs: 6C013887, 6C01389E
                                                                                                                                • Clear to install Chrome, xrefs: 6C01399A, 6C0139B1
                                                                                                                                • GCCC_ERROR_SYSTEMLEVELALREADYPRESENT, xrefs: 6C0137FF, 6C013816
                                                                                                                                • ELIGIBLE, xrefs: 6C013976
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Chrome already by partner offered to user within last 6 months$Chrome is already installed on the machine at system level.$Chrome supports two install models - user level(installation occurs in % USERPROFILE%) and system level (installation occurs in % PROGRAMFILES%). Both are incompatible with each other and only one can exist at any time for a use.$Clear to install Chrome$ELIGIBLE$GCCC_ERROR_ACCESSDENIED$GCCC_ERROR_ALREADYOFFERED$GCCC_ERROR_OSNOTSUPPORTED$GCCC_ERROR_SYSTEMLEVELALREADYPRESENT$GCCC_ERROR_USERLEVELALREADYPRESENT$Machine Operating System does not support Chrome$User does not have sufficient privileges
                                                                                                                                • API String ID: 2427045233-491493938
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$Info
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2509303402-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %s$%s%02x%02x$AAAA$CNAME: %s$Could not DOH-resolve: %s$DOH A: %u.%u.%u.%u$DOH AAAA: $DOH Host name: %s$DOH: %s type %s for %s$TTL: %u seconds$bad error code
                                                                                                                                • API String ID: 0-4053692942
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,00000001,6C0E6598,security.dll,6C06717B,security.dll,00000004,00000000,00000002,00000002,6C03FCB4), ref: 6C03F96A
                                                                                                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 6C03F982
                                                                                                                                • _strpbrk.LIBCMT ref: 6C03F994
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc_strpbrk
                                                                                                                                • String ID: AddDllDirectory$LoadLibraryExA$kernel32$security.dll
                                                                                                                                • API String ID: 1657965159-2138446276
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C020F9E
                                                                                                                                • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000040,6C020AE0,?,?), ref: 6C020FCF
                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6C021030
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C02110F
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C021559
                                                                                                                                Strings
                                                                                                                                • RegQueryInfoKey failed while preparing for subkey enumeration., xrefs: 6C0210E9
                                                                                                                                • HKEY_LOCAL_MACHINE, xrefs: 6C021163
                                                                                                                                • Cannot enumerate subkeys: RegEnumKeyEx failed., xrefs: 6C0210E1
                                                                                                                                • InstallLocation, xrefs: 6C021450
                                                                                                                                • DisplayName, xrefs: 6C021376
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseEnumH_prolog3_H_prolog3_catch_InfoQuery
                                                                                                                                • String ID: Cannot enumerate subkeys: RegEnumKeyEx failed.$DisplayName$HKEY_LOCAL_MACHINE$InstallLocation$RegQueryInfoKey failed while preparing for subkey enumeration.
                                                                                                                                • API String ID: 3186208820-1651243609
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C0454D1
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C045569
                                                                                                                                Strings
                                                                                                                                • Added %s:%d:%s to DNS cache, xrefs: 6C045796
                                                                                                                                • *, xrefs: 6C0457A4
                                                                                                                                • :%u, xrefs: 6C045459, 6C0456C9
                                                                                                                                • Resolve address '%s' found illegal!, xrefs: 6C04563A
                                                                                                                                • Couldn't parse CURLOPT_RESOLVE entry '%s'!, xrefs: 6C045652
                                                                                                                                • %255[^:]:%d, xrefs: 6C0453CE
                                                                                                                                • RESOLVE %s:%d is - old addresses discarded!, xrefs: 6C045724
                                                                                                                                • RESOLVE %s:%d is wildcard, enabling wildcard checks, xrefs: 6C0457C3
                                                                                                                                • Couldn't parse CURLOPT_RESOLVE removal entry '%s'!, xrefs: 6C0453E7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %255[^:]:%d$*$:%u$Added %s:%d:%s to DNS cache$Couldn't parse CURLOPT_RESOLVE entry '%s'!$Couldn't parse CURLOPT_RESOLVE removal entry '%s'!$RESOLVE %s:%d is - old addresses discarded!$RESOLVE %s:%d is wildcard, enabling wildcard checks$Resolve address '%s' found illegal!
                                                                                                                                • API String ID: 601868998-1944672612
                                                                                                                                • Opcode ID: e4ae5df8719010e0a5eb77c02b4d37d1ddb3bb8add23b751aac54d975ff69b60
                                                                                                                                • Instruction ID: 01b4d9a587aa5831df6e713e7d594a2abefc0bad4f345afa987566acf849d490
                                                                                                                                • Opcode Fuzzy Hash: e4ae5df8719010e0a5eb77c02b4d37d1ddb3bb8add23b751aac54d975ff69b60
                                                                                                                                • Instruction Fuzzy Hash: 3BC1D575908352DFD721CF24DC40BAF7BE8AF85308F048939E89997A51E735E609CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 6C0ACF97
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD3BA
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD3CC
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD3DE
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD3F0
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD402
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD414
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD426
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD438
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD44A
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD45C
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD46E
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD480
                                                                                                                                  • Part of subcall function 6C0AD39D: _free.LIBCMT ref: 6C0AD492
                                                                                                                                • _free.LIBCMT ref: 6C0ACF8C
                                                                                                                                  • Part of subcall function 6C0A376B: RtlFreeHeap.NTDLL(00000000,00000000,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?), ref: 6C0A3781
                                                                                                                                  • Part of subcall function 6C0A376B: GetLastError.KERNEL32(?,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?,?), ref: 6C0A3793
                                                                                                                                • _free.LIBCMT ref: 6C0ACFAE
                                                                                                                                • _free.LIBCMT ref: 6C0ACFC3
                                                                                                                                • _free.LIBCMT ref: 6C0ACFCE
                                                                                                                                • _free.LIBCMT ref: 6C0ACFF0
                                                                                                                                • _free.LIBCMT ref: 6C0AD003
                                                                                                                                • _free.LIBCMT ref: 6C0AD011
                                                                                                                                • _free.LIBCMT ref: 6C0AD01C
                                                                                                                                • _free.LIBCMT ref: 6C0AD054
                                                                                                                                • _free.LIBCMT ref: 6C0AD05B
                                                                                                                                • _free.LIBCMT ref: 6C0AD078
                                                                                                                                • _free.LIBCMT ref: 6C0AD090
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 161543041-0
                                                                                                                                • Opcode ID: 02e92e861241cb257037443ad6947ba48aa4487cdf4d8d20cd3bc8f0ffdf881c
                                                                                                                                • Instruction ID: 676c037dbcc78d67c2b945f919471ed99f0f24918670b796e09956d7f4e8508a
                                                                                                                                • Opcode Fuzzy Hash: 02e92e861241cb257037443ad6947ba48aa4487cdf4d8d20cd3bc8f0ffdf881c
                                                                                                                                • Instruction Fuzzy Hash: 61318DB1604B009FEB22AAFADD45F8A73E8AF09318F204429E455D7A52DF71F947CB10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 269201875-0
                                                                                                                                • Opcode ID: 862cc9a5a07d8186e8a09c50c19f0e4ab6cb1363ac7b59067a85dac5ff17a579
                                                                                                                                • Instruction ID: 3499233c7c5f32da538da8f0c974689a2d0303c37f7077d16cbdae63fb3e6996
                                                                                                                                • Opcode Fuzzy Hash: 862cc9a5a07d8186e8a09c50c19f0e4ab6cb1363ac7b59067a85dac5ff17a579
                                                                                                                                • Instruction Fuzzy Hash: DFC124B6E40604AFDB20DBE8CC86FDE77F89B09714F144165FA04FB683E671AA458750
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                  • Part of subcall function 6C025E44: __EH_prolog3_GS.LIBCMT ref: 6C025E4E
                                                                                                                                  • Part of subcall function 6C028F04: __EH_prolog3_GS.LIBCMT ref: 6C028F0E
                                                                                                                                  • Part of subcall function 6C0189ED: __EH_prolog3_GS.LIBCMT ref: 6C0189F4
                                                                                                                                  • Part of subcall function 6C01A2F6: __EH_prolog3_GS.LIBCMT ref: 6C01A300
                                                                                                                                  • Part of subcall function 6C0253FC: __EH_prolog3_GS.LIBCMT ref: 6C025403
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: $remote$&event=$3$api_key$api_key=$event$event_properties$event_type$session_id
                                                                                                                                • API String ID: 2427045233-3660481794
                                                                                                                                • Opcode ID: a2206e49dc324f2f71cdd22aa5a88053163f83e3440ad2f6204a118145de0266
                                                                                                                                • Instruction ID: cb08f7de36068454b944515c225c1eef675b5af15f3e4d337e87826e43816398
                                                                                                                                • Opcode Fuzzy Hash: a2206e49dc324f2f71cdd22aa5a88053163f83e3440ad2f6204a118145de0266
                                                                                                                                • Instruction Fuzzy Hash: 2B12297190529CEEEB21CBA4CC44FDDBBB8AB15308F4081DAD449B7681E7756B88CF61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsInExceptionSpec.LIBVCRUNTIME ref: 6C08F0EC
                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 6C08F10E
                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 6C08F21D
                                                                                                                                • CatchIt.LIBVCRUNTIME ref: 6C08F26E
                                                                                                                                • IsInExceptionSpec.LIBVCRUNTIME ref: 6C08F2EF
                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 6C08F373
                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 6C08F38E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 4234981820-393685449
                                                                                                                                • Opcode ID: 24fa21be9d40e0f4a7dc41c64dfcd90c051b2b3472f7057d9bcebad781ae83cf
                                                                                                                                • Instruction ID: e6fba5407ee12cae30a36fac1605cd310637bacc043bdeb599d2033781f9f794
                                                                                                                                • Opcode Fuzzy Hash: 24fa21be9d40e0f4a7dc41c64dfcd90c051b2b3472f7057d9bcebad781ae83cf
                                                                                                                                • Instruction Fuzzy Hash: D1B14875D06209DFCF04CFA8C840A9EBBF9FF04318F14825AE9146BA11D775EA52CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3907804496
                                                                                                                                • Opcode ID: 797cd0fb67322b9b0e0d499e23df09dad551bd2fb9d0b175ba42825f7fdee281
                                                                                                                                • Instruction ID: c23feeeb8d1f46294a50c5fcc739b7825ecf9cb2ddf6e9d262091d2906438de1
                                                                                                                                • Opcode Fuzzy Hash: 797cd0fb67322b9b0e0d499e23df09dad551bd2fb9d0b175ba42825f7fdee281
                                                                                                                                • Instruction Fuzzy Hash: 14C1BFB4A08245EFDB05CFD9C880BEDBBF5AF0A718F144159E820AB792C734D942CB64
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A2A15: CreateFileW.KERNEL32(?,?,?,?,?,?,00000000), ref: 6C0A2A32
                                                                                                                                • GetLastError.KERNEL32 ref: 6C0A2E88
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0A2E8F
                                                                                                                                • GetFileType.KERNEL32(00000000), ref: 6C0A2E9B
                                                                                                                                • GetLastError.KERNEL32 ref: 6C0A2EA5
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0A2EAE
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6C0A2ECE
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 6C0A301B
                                                                                                                                • GetLastError.KERNEL32 ref: 6C0A304D
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0A3054
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                • String ID: H
                                                                                                                                • API String ID: 4237864984-2852464175
                                                                                                                                • Opcode ID: 2744b911cf4e3ad4b98d503b21dc7f05d1e7eca0f5b695328d8e34754f07eab1
                                                                                                                                • Instruction ID: f5c8c3888d60bc13e3b4acc398fec97cfcaf595dc9cac9e69a3975d4495fa2ff
                                                                                                                                • Opcode Fuzzy Hash: 2744b911cf4e3ad4b98d503b21dc7f05d1e7eca0f5b695328d8e34754f07eab1
                                                                                                                                • Instruction Fuzzy Hash: A4A12432A045549FCF19DFE9C855BDD3BF0EB0A328F180269E815AB392CB359917CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C0484C7
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C0484DA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %s$Authorization:$Connection:$Content-Length:$Content-Type:$Cookie:$Host:$Transfer-Encoding:
                                                                                                                                • API String ID: 601868998-2985882615
                                                                                                                                • Opcode ID: 9dbf3c7ba3c7cc57ddba6e0648092043c3c9fef8ea61341a1eeeece4f64af016
                                                                                                                                • Instruction ID: a4305b745902a6351ba6e10c7d70e6b90f6f459d078ff40659298cfdea822c45
                                                                                                                                • Opcode Fuzzy Hash: 9dbf3c7ba3c7cc57ddba6e0648092043c3c9fef8ea61341a1eeeece4f64af016
                                                                                                                                • Instruction Fuzzy Hash: 35814770A08341DBE7109A259C44B9B3BE89F4134CF18CB7AEC58DBA42E732D914CBD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00AF27
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6C00AF5B
                                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 6C00B162
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C00B16C
                                                                                                                                  • Part of subcall function 6C00AA38: __EH_prolog3_catch_GS.LIBCMT ref: 6C00AA42
                                                                                                                                • RegisterWaitForSingleObject.KERNEL32(?,?,6C00B659,?,000000FF,00000008), ref: 6C00B1C7
                                                                                                                                • GetLastError.KERNEL32(?,000000FF,00000008), ref: 6C00B1D1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CreateH_prolog3_H_prolog3_catch_ObjectPathProcessRegisterSingleTempWait
                                                                                                                                • String ID: D$OFFERINSTALLER_STARTFAIL$OFFERINSTALLER_WAITFAIL$chrome
                                                                                                                                • API String ID: 4165132579-891327357
                                                                                                                                • Opcode ID: be76212e0bba329b4581d325cc8824ac02b7a6e9519d2853dd4cee9bd608c4eb
                                                                                                                                • Instruction ID: cf200953e013d0ab66b400878ef494d985e4aaf82a198fb27ff443815e29cd2d
                                                                                                                                • Opcode Fuzzy Hash: be76212e0bba329b4581d325cc8824ac02b7a6e9519d2853dd4cee9bd608c4eb
                                                                                                                                • Instruction Fuzzy Hash: 5FA13A71A02218AFDF54DF68CC88BD9B7F8AB19304F2444D9E509A7641DB35AB88CF61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00B943
                                                                                                                                  • Part of subcall function 6C0101B8: __EH_prolog3_GS.LIBCMT ref: 6C0101BF
                                                                                                                                  • Part of subcall function 6C010B55: __alldvrm.LIBCMT ref: 6C010B73
                                                                                                                                  • Part of subcall function 6C010B55: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C010B96
                                                                                                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,00000000), ref: 6C00BA38
                                                                                                                                • GetLastError.KERNEL32 ref: 6C00BA42
                                                                                                                                • RegisterWaitForSingleObject.KERNEL32(?,00000000,6C00BB8F,?,000000FF,00000008), ref: 6C00BABE
                                                                                                                                • GetLastError.KERNEL32 ref: 6C00BAC8
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C00BB43
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,0000001E,000F4240,00000000), ref: 6C00BB67
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,0000001E,000F4240,00000000), ref: 6C00BB6F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseErrorH_prolog3_HandleLastUnothrow_t@std@@@__ehfuncinfo$??2@$CreateObjectProcessRegisterSingleWait__alldvrm
                                                                                                                                • String ID: OFFERLAUNCH_STARTFAIL$OFFERLAUNCH_WAITFAIL
                                                                                                                                • API String ID: 1233574657-3410417353
                                                                                                                                • Opcode ID: 4ec6fa5d62f4bd2f741a931d6016a989c498fad7e109146d28bd6fbaeb6bad7b
                                                                                                                                • Instruction ID: 4d95c88b55e3d210747d693f21503a930c42de741235a6752ef20c2261c1c0d8
                                                                                                                                • Opcode Fuzzy Hash: 4ec6fa5d62f4bd2f741a931d6016a989c498fad7e109146d28bd6fbaeb6bad7b
                                                                                                                                • Instruction Fuzzy Hash: 3B716D71A00208EFDF04DFA4C844BED7BF9EF09308F1445A9E949AB351DB71A909CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: %.2X$: 0x$\u%04x$\u%04x\u%04x$\ufffd$incomplete UTF-8 string; last byte: 0x$invalid UTF-8 byte at index $null
                                                                                                                                • API String ID: 2427045233-3218735851
                                                                                                                                • Opcode ID: fa1f0c89bd103940ac5e2e6f1fb396330ffbc3b23626787ea7d2cc6f33651267
                                                                                                                                • Instruction ID: 5b55f96ab59222e627db7fb01abec238bd1b0879ea8810992a89396f2ca4bf20
                                                                                                                                • Opcode Fuzzy Hash: fa1f0c89bd103940ac5e2e6f1fb396330ffbc3b23626787ea7d2cc6f33651267
                                                                                                                                • Instruction Fuzzy Hash: 50D10470908255EFD710CBE8C984B9EFBF4AF05308F644159E140ABE82D775EA49CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00B2CF
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6C00B338
                                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 6C00B554
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000007), ref: 6C00B562
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000007), ref: 6C00B5CE
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000007), ref: 6C00B5D6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandle$CreateErrorH_prolog3_LastPathProcessTemp
                                                                                                                                • String ID: PLAYAINSTALLER_STARTFAIL$PlayaNext.CoreInstaller.exe$user_id
                                                                                                                                • API String ID: 3003937225-3550819263
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00AC31
                                                                                                                                  • Part of subcall function 6C00ADFC: __EH_prolog3_GS.LIBCMT ref: 6C00AE06
                                                                                                                                  • Part of subcall function 6C00ADFC: GetModuleHandleA.KERNEL32(ntdll,RtlGetVersion,0000016C,6C00ADB4,?,?,00000030,00000004,Function_000089D4,?,?,Windows 7,00000009,6.1,00000003,Windows 8), ref: 6C00AE1E
                                                                                                                                  • Part of subcall function 6C00ADFC: GetProcAddress.KERNEL32(00000000), ref: 6C00AE25
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_$AddressHandleModuleProc
                                                                                                                                • String ID: 10.0$6.1$6.2$6.3$Windows 10$Windows 7$Windows 8$Windows 8.1
                                                                                                                                • API String ID: 2280343383-2656326257
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 6C0A338E
                                                                                                                                  • Part of subcall function 6C0A376B: RtlFreeHeap.NTDLL(00000000,00000000,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?), ref: 6C0A3781
                                                                                                                                  • Part of subcall function 6C0A376B: GetLastError.KERNEL32(?,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?,?), ref: 6C0A3793
                                                                                                                                • _free.LIBCMT ref: 6C0A339A
                                                                                                                                • _free.LIBCMT ref: 6C0A33A5
                                                                                                                                • _free.LIBCMT ref: 6C0A33B0
                                                                                                                                • _free.LIBCMT ref: 6C0A33BB
                                                                                                                                • _free.LIBCMT ref: 6C0A33C6
                                                                                                                                • _free.LIBCMT ref: 6C0A33D1
                                                                                                                                • _free.LIBCMT ref: 6C0A33DC
                                                                                                                                • _free.LIBCMT ref: 6C0A33E7
                                                                                                                                • _free.LIBCMT ref: 6C0A33F5
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C026B65
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: $Google Chrome Criteria Checker$Override$eligible_offer$method_used$reasons_code$reasons_description
                                                                                                                                • API String ID: 2427045233-1973103370
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C025E4E
                                                                                                                                  • Part of subcall function 6C028DD7: __EH_prolog3_GS.LIBCMT ref: 6C028DDE
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: C++ v1.7.3$PlayaSDK $distributor$distributor_product$offer_product$source$user_country
                                                                                                                                • API String ID: 2427045233-4222386883
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C080AD9
                                                                                                                                • _Maklocstr.LIBCPMT ref: 6C080B42
                                                                                                                                • _Maklocstr.LIBCPMT ref: 6C080B54
                                                                                                                                • _Maklocchr.LIBCPMT ref: 6C080B6C
                                                                                                                                • _Maklocchr.LIBCPMT ref: 6C080B7C
                                                                                                                                • _Getvals.LIBCPMT ref: 6C080B9E
                                                                                                                                  • Part of subcall function 6C07989D: _Maklocchr.LIBCPMT ref: 6C0798CC
                                                                                                                                  • Part of subcall function 6C07989D: _Maklocchr.LIBCPMT ref: 6C0798E2
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 3549167292-2658103896
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\GCAPITemp,00000000,00000000,00000000,0002021F,00000000,?,?), ref: 6C013E1E
                                                                                                                                • lstrlenW.KERNEL32(?), ref: 6C013E2C
                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 6C013E3E
                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 6C013E51
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6C013E5A
                                                                                                                                • RegDeleteKeyW.ADVAPI32(80000002,SOFTWARE\Google\GCAPITemp), ref: 6C013E68
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: DeleteValue$CloseCreatelstrlen
                                                                                                                                • String ID: SOFTWARE\Google\GCAPITemp$test
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free
                                                                                                                                • String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
                                                                                                                                • String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C00BEAB
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 6C00BF16
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_catch_PathTemp
                                                                                                                                • String ID: '; actual: '$File is bad$File is not good$File is not open$Verification failed ... expected: '
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: key$regex$root_key$sub_key$type$type_code
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A34BC: GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                  • Part of subcall function 6C0A34BC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                • _free.LIBCMT ref: 6C0A5E92
                                                                                                                                • _free.LIBCMT ref: 6C0A5EAB
                                                                                                                                • _free.LIBCMT ref: 6C0A5EE9
                                                                                                                                • _free.LIBCMT ref: 6C0A5EF2
                                                                                                                                • _free.LIBCMT ref: 6C0A5EFE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorLast
                                                                                                                                • String ID: C$tNl
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C026428
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Manual$app_install$exit_code$installer_arguments$installer_runtime_ms$method
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00B660
                                                                                                                                  • Part of subcall function 6C010B55: __alldvrm.LIBCMT ref: 6C010B73
                                                                                                                                  • Part of subcall function 6C010B55: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C010B96
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C00B68E
                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 6C00B6E8
                                                                                                                                • GetLastError.KERNEL32 ref: 6C00B78B
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 6C00B815
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 6C00B81A
                                                                                                                                Strings
                                                                                                                                • OFFERINSTALLER_GETEXITCODEFAIL, xrefs: 6C00B7BE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandleUnothrow_t@std@@@__ehfuncinfo$??2@$CodeErrorExitH_prolog3_LastProcess__alldvrm
                                                                                                                                • String ID: OFFERINSTALLER_GETEXITCODEFAIL
                                                                                                                                • API String ID: 184878120-2884857735
                                                                                                                                • Opcode ID: 07b606cfc1a2a037f63ce83c11a5c1e0a353f68519295cba214927335d9eb126
                                                                                                                                • Instruction ID: 14525d30402344ef789ceac3b782cf963d5ab3d1e4223ffedbbf339f5a5e217e
                                                                                                                                • Opcode Fuzzy Hash: 07b606cfc1a2a037f63ce83c11a5c1e0a353f68519295cba214927335d9eb126
                                                                                                                                • Instruction Fuzzy Hash: 47712971A01208DFDF05DFA8C981BEEBBF5EF09304F24449AE505AB751DB71AA05CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,6C013375,?,00000208), ref: 6C01352A
                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?,?,?,?,?,6C013375,?,00000208), ref: 6C01354C
                                                                                                                                • GetFileVersionInfoW.VERSION(?,?,00002000,?,6C013375,?,00000208), ref: 6C01358C
                                                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,6C013375,?,00000208), ref: 6C0135BF
                                                                                                                                • VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,6C013375,?,00000208), ref: 6C013636
                                                                                                                                Strings
                                                                                                                                • \StringFileInfo\%02X%02X%02X%02X\CompanyName, xrefs: 6C0135FB
                                                                                                                                • \VarFileInfo\Translation, xrefs: 6C0135B3
                                                                                                                                Similarity
                                                                                                                                • API ID: File$InfoQueryValueVersion$ModuleNameSize
                                                                                                                                • String ID: \StringFileInfo\%02X%02X%02X%02X\CompanyName$\VarFileInfo\Translation
                                                                                                                                • API String ID: 449337467-937506062
                                                                                                                                • Opcode ID: c0199fa5f7837128a0eff66d5c4579231f9ed0aa89ffd6cdf2e230a0b2ccdd56
                                                                                                                                • Instruction ID: 327aacf76b4ed6a2455fb9c7d149f1cd76b48edd22406c8174b9545494220cc1
                                                                                                                                • Opcode Fuzzy Hash: c0199fa5f7837128a0eff66d5c4579231f9ed0aa89ffd6cdf2e230a0b2ccdd56
                                                                                                                                • Instruction Fuzzy Hash: 214196F5900228AADF20DA548C44FDBB7FCAB49718F4085A5E619E3A50D730DB84CBB4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$_strrchr$_strncpy
                                                                                                                                • String ID: Unknown error %d (%#x)
                                                                                                                                • API String ID: 1320708361-2414550090
                                                                                                                                • Opcode ID: 48b7662e7f8d49c7047e56c4e1318bb008c4709362f9f83cb03684532370b23c
                                                                                                                                • Instruction ID: 9804c53b2a3e73bf5b26b427e6cfc224e5043ba79fdf511d3bf4ffe4904caa6b
                                                                                                                                • Opcode Fuzzy Hash: 48b7662e7f8d49c7047e56c4e1318bb008c4709362f9f83cb03684532370b23c
                                                                                                                                • Instruction Fuzzy Hash: 7D212575A09201AFEB015A34AC45BAF7BECDF9265DF340069F80593F41EF29E80492B2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: MaklocchrMaklocstr$H_prolog3_
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 2404127365-2658103896
                                                                                                                                • Opcode ID: 5a4ba3547874455eaba56b6e691ea4ad72fbd284cd0c689d3372cf9a5d5bc8a5
                                                                                                                                • Instruction ID: 32b468d8bcae0253c0188ee6b45da53d56fb7fd7f4e9266777e0bf75af7a0df2
                                                                                                                                • Opcode Fuzzy Hash: 5a4ba3547874455eaba56b6e691ea4ad72fbd284cd0c689d3372cf9a5d5bc8a5
                                                                                                                                • Instruction Fuzzy Hash: E02139B1C01384EADF24EFA5C884BDAB7F8AF45704F00805AE915AF651EB74E648CF65
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$___from_strstr_to_strchr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3409252457-0
                                                                                                                                • Opcode ID: c1f600d2b84953367af810928d93ea90e570bc19d4164d88a7da130824a9f228
                                                                                                                                • Instruction ID: 38ae002ec71a4e4306e8c70086d1f37e8f68df90131a2ce14f9b863f22084785
                                                                                                                                • Opcode Fuzzy Hash: c1f600d2b84953367af810928d93ea90e570bc19d4164d88a7da130824a9f228
                                                                                                                                • Instruction Fuzzy Hash: 6F51F8B1948605AFDB10FFF98840B9D7BF8AF06718F11416EE91097A43EB32D6478B50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                • API String ID: 2427045233-4239264347
                                                                                                                                • Opcode ID: a73399a47a7c49579a2137aa4aae041152eeb478072cae92617c67b17dde9c29
                                                                                                                                • Instruction ID: 8662dffb448e7c32ea8d1b59a4837f96e7a91d389c64e09810023d2a9b2a5ebe
                                                                                                                                • Opcode Fuzzy Hash: a73399a47a7c49579a2137aa4aae041152eeb478072cae92617c67b17dde9c29
                                                                                                                                • Instruction Fuzzy Hash: 89B14D71E05209EEEF04CFA4D950BEEBBF9AF09304F21405EE045B7681DB746A49CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C02747A
                                                                                                                                  • Part of subcall function 6C0189ED: __EH_prolog3_GS.LIBCMT ref: 6C0189F4
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Override$Registry Check$eligible_offer$method_used$reg_key_found
                                                                                                                                • API String ID: 2427045233-1777984204
                                                                                                                                • Opcode ID: da69f3972ab1ec2a9817fafa4ac181a44f79b170a334be672c8b1149732ba3e2
                                                                                                                                • Instruction ID: 634626d258845f29f22d34f7b5736223a97049f5b75e4187ae9007f6f92f3089
                                                                                                                                • Opcode Fuzzy Hash: da69f3972ab1ec2a9817fafa4ac181a44f79b170a334be672c8b1149732ba3e2
                                                                                                                                • Instruction Fuzzy Hash: 0BC14970D05258DEEB15CFA8C980BDDBBF8AF19304F5040AED549A7681DB74AA89CF21
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: field_code$position$text$type$url
                                                                                                                                • API String ID: 2427045233-2287198212
                                                                                                                                • Opcode ID: 7c4432ba9e0dc0ea6e0b0442c99d1f3e1c183b5505ab7f26bfe1c5904b76f23d
                                                                                                                                • Instruction ID: 17f2ef5139517d328f49efe10792e1f45de1c6d014b95dbe23b37bb890e40372
                                                                                                                                • Opcode Fuzzy Hash: 7c4432ba9e0dc0ea6e0b0442c99d1f3e1c183b5505ab7f26bfe1c5904b76f23d
                                                                                                                                • Instruction Fuzzy Hash: DC911BB1C19259AFDB19CFD8E880BEEBBF8EF08304F10451EE145A7641DB34A649CB65
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetFileAttributesExW.KERNEL32(?,00000000,?,?,?), ref: 6C0783CB
                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 6C0783D5
                                                                                                                                • ___std_fs_open_handle@16.LIBCPMT ref: 6C078435
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesErrorFileLast___std_fs_open_handle@16
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 617199260-0
                                                                                                                                • Opcode ID: de2bcc940a2b04211b0c8881d1ca43469e02a6884c6cbb2df4c76ad7f2e18916
                                                                                                                                • Instruction ID: ba459eb896813d4dfb8a6e5d85286e79202cb28628cb864305dfb9d63978d7d2
                                                                                                                                • Opcode Fuzzy Hash: de2bcc940a2b04211b0c8881d1ca43469e02a6884c6cbb2df4c76ad7f2e18916
                                                                                                                                • Instruction Fuzzy Hash: F5616B71A057059BDB18CF68C841BAAB7F4BF45318F10471AED60EBB80E774E511CBA9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0A4B48: RtlAllocateHeap.NTDLL(00000000,?,?,?,6C08C9C2,?,?,?,?,?,6C0083C9,?,?,?), ref: 6C0A4B7A
                                                                                                                                • _free.LIBCMT ref: 6C0A5809
                                                                                                                                • _free.LIBCMT ref: 6C0A5820
                                                                                                                                • _free.LIBCMT ref: 6C0A583D
                                                                                                                                • _free.LIBCMT ref: 6C0A5858
                                                                                                                                • _free.LIBCMT ref: 6C0A586F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$AllocateHeap
                                                                                                                                • String ID: tNl
                                                                                                                                • API String ID: 3033488037-32935396
                                                                                                                                • Opcode ID: eef85a7dda67deda410bcb16dd251ee12a837a21b22f2bd40c540d615ef24524
                                                                                                                                • Instruction ID: bc0c2fa4169c85cb912e1c1542937f8b4c4ac72d3bc5dcfde5c92973a6f4ab2d
                                                                                                                                • Opcode Fuzzy Hash: eef85a7dda67deda410bcb16dd251ee12a837a21b22f2bd40c540d615ef24524
                                                                                                                                • Instruction Fuzzy Hash: AD51A275A00A04AFDB15DFE9CC81B9E77F4FF49728F140569E815EBA91E731EA028B40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00BC24
                                                                                                                                  • Part of subcall function 6C00ADFC: __EH_prolog3_GS.LIBCMT ref: 6C00AE06
                                                                                                                                  • Part of subcall function 6C00ADFC: GetModuleHandleA.KERNEL32(ntdll,RtlGetVersion,0000016C,6C00ADB4,?,?,00000030,00000004,Function_000089D4,?,?,Windows 7,00000009,6.1,00000003,Windows 8), ref: 6C00AE1E
                                                                                                                                  • Part of subcall function 6C00ADFC: GetProcAddress.KERNEL32(00000000), ref: 6C00AE25
                                                                                                                                  • Part of subcall function 6C0107B7: GetCurrentProcess.KERNEL32(?), ref: 6C0107D0
                                                                                                                                  • Part of subcall function 6C0107B7: IsWow64Process.KERNEL32(00000000), ref: 6C0107D7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_Process$AddressCurrentHandleModuleProcWow64
                                                                                                                                • String ID: ; Win$; x$Mozilla/5.0 (Windows NT $User-Agent$x
                                                                                                                                • API String ID: 2786067876-1645716581
                                                                                                                                • Opcode ID: 9030094a979bb37d37c5e46d0c285a29c0d60ca35ce93118bd5da764c0faac16
                                                                                                                                • Instruction ID: 532c3dbbc63400b8220fa4a882743299bf20e772be7eb41f0f6e98a67b9d1a65
                                                                                                                                • Opcode Fuzzy Hash: 9030094a979bb37d37c5e46d0c285a29c0d60ca35ce93118bd5da764c0faac16
                                                                                                                                • Instruction Fuzzy Hash: A871AB71E00248DFEF10DBA4C840BEDBBF4AF19308F554099E449BB781DB746A49CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C08EA47
                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 6C08EA4F
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C08EAD8
                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 6C08EB03
                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 6C08EB58
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                • Opcode ID: 9d99780f8146b74e59f79be0a8837a1edc4591800fbb9697c041b2378c33b95b
                                                                                                                                • Instruction ID: 29a27af43686927152b3a934591f84b7c7b480b23119d568ca6026471c77c3ec
                                                                                                                                • Opcode Fuzzy Hash: 9d99780f8146b74e59f79be0a8837a1edc4591800fbb9697c041b2378c33b95b
                                                                                                                                • Instruction Fuzzy Hash: 09416138A022199BCF00CF68C880B9EBBF5BF46728F10C1A5E8255B791D735AA05CBD1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0134FE: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,6C013375,?,00000208), ref: 6C01352A
                                                                                                                                  • Part of subcall function 6C0134FE: GetFileVersionInfoSizeW.VERSION(?,?,?,?,?,?,6C013375,?,00000208), ref: 6C01354C
                                                                                                                                  • Part of subcall function 6C0134FE: GetFileVersionInfoW.VERSION(?,?,00002000,?,6C013375,?,00000208), ref: 6C01358C
                                                                                                                                  • Part of subcall function 6C0134FE: VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,6C013375,?,00000208), ref: 6C0135BF
                                                                                                                                  • Part of subcall function 6C0134FE: VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,6C013375,?,00000208), ref: 6C013636
                                                                                                                                • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\No Chrome Offer Until,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 6C0133B4
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 6C013407
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6C013470
                                                                                                                                Strings
                                                                                                                                • SOFTWARE\Google\No Chrome Offer Until, xrefs: 6C0133A2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileQueryValue$InfoVersion$CloseCreateModuleNameSize
                                                                                                                                • String ID: SOFTWARE\Google\No Chrome Offer Until
                                                                                                                                • API String ID: 592698673-1538224596
                                                                                                                                • Opcode ID: d47b495d10e63db514c1b5e6255ecaa31dff944ad774d742ed46f26fda796b19
                                                                                                                                • Instruction ID: 4eca81e2036ddbe7cd84b5540156f07f9ce5668361d2eaf8b5b15b3799af3958
                                                                                                                                • Opcode Fuzzy Hash: d47b495d10e63db514c1b5e6255ecaa31dff944ad774d742ed46f26fda796b19
                                                                                                                                • Instruction Fuzzy Hash: AE3110B294421CABEB21DB95DC4DFEAB7FCEB59304F1041EAE509A3540DB716A848E60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C01C4E4
                                                                                                                                  • Part of subcall function 6C00AC27: __EH_prolog3_GS.LIBCMT ref: 6C00AC31
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: GOM Player$NO_INSTALLER_URL$Windows 7$chrome$could not locate installer URL
                                                                                                                                • API String ID: 2427045233-633350276
                                                                                                                                • Opcode ID: 747e0c6279302e35a369707d8a02685c07df112279bf9c9170201e9a5661aeea
                                                                                                                                • Instruction ID: 98f6948f599c4b6715310df1f4ae475b67f62851dbb95d1d6f35f4dad55e306b
                                                                                                                                • Opcode Fuzzy Hash: 747e0c6279302e35a369707d8a02685c07df112279bf9c9170201e9a5661aeea
                                                                                                                                • Instruction Fuzzy Hash: BF315E306083049FDB14EFA8C890BDDFBF5AF06348F5041D8D59967B91CB71AA88CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                • API String ID: 0-537541572
                                                                                                                                • Opcode ID: f22025595f3d3d1b124d1a54a1b75a39bd87c726a8c2b7106a77ee7b588a0407
                                                                                                                                • Instruction ID: ac1a12799a30aeb283909bfe7cf6fba668e6d9758c933aa89fc021eae7406735
                                                                                                                                • Opcode Fuzzy Hash: f22025595f3d3d1b124d1a54a1b75a39bd87c726a8c2b7106a77ee7b588a0407
                                                                                                                                • Instruction Fuzzy Hash: 5E21EB72B05630ABDB118BE9CC44B8F37F89F1A764F250614ED15A7A92EB31DD02C5D0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C0ADACA: _free.LIBCMT ref: 6C0ADAEF
                                                                                                                                • _free.LIBCMT ref: 6C0ADDCC
                                                                                                                                  • Part of subcall function 6C0A376B: RtlFreeHeap.NTDLL(00000000,00000000,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?), ref: 6C0A3781
                                                                                                                                  • Part of subcall function 6C0A376B: GetLastError.KERNEL32(?,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?,?), ref: 6C0A3793
                                                                                                                                • _free.LIBCMT ref: 6C0ADDD7
                                                                                                                                • _free.LIBCMT ref: 6C0ADDE2
                                                                                                                                • _free.LIBCMT ref: 6C0ADE36
                                                                                                                                • _free.LIBCMT ref: 6C0ADE41
                                                                                                                                • _free.LIBCMT ref: 6C0ADE4C
                                                                                                                                • _free.LIBCMT ref: 6C0ADE57
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                • Opcode ID: a279346b0409853357ad2a20af63b53d0773cb442c03b6b1863834be15b31bc1
                                                                                                                                • Instruction ID: 6955678dd2bd6138547f9da96639f766fb5ee5fcf5cd72d5e19b27a59b99aab9
                                                                                                                                • Opcode Fuzzy Hash: a279346b0409853357ad2a20af63b53d0773cb442c03b6b1863834be15b31bc1
                                                                                                                                • Instruction Fuzzy Hash: 61119D72504F04AAD531A7F0CC4AFDF77DC6F15B14F440814AA9967A52CB24B70A8740
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetConsoleCP.KERNEL32(6C0912A7,00000000,00000000), ref: 6C0A19D0
                                                                                                                                • __fassign.LIBCMT ref: 6C0A1BAF
                                                                                                                                • __fassign.LIBCMT ref: 6C0A1BCC
                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0A1C14
                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C0A1C54
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0A1D00
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4031098158-0
                                                                                                                                • Opcode ID: b11c82c3bea51fb6b393caf65162968163cb836c7b4323e220047d273f740b14
                                                                                                                                • Instruction ID: 63ca431c741faf8437103f1a36c08bf16d542b9c7d19ea65d250e2c5446083d7
                                                                                                                                • Opcode Fuzzy Hash: b11c82c3bea51fb6b393caf65162968163cb836c7b4323e220047d273f740b14
                                                                                                                                • Instruction Fuzzy Hash: 15D18B75E01258DFCF15CFE8C880AEDBBF5AF49314F24416AE856BB242E731A946CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BBDC
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BBF0
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BC48
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BC75
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BCDC
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04BE52
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 885266447-0
                                                                                                                                • Opcode ID: 904014ca3889d2eb352cef1adf67330465a8d2b9caf6ee3511cb6786b6d85ba1
                                                                                                                                • Instruction ID: 15bfc0c167ae8fa5aa8c50c10f14a9e88d68c75cb2a1b89813394dc1292c2a9d
                                                                                                                                • Opcode Fuzzy Hash: 904014ca3889d2eb352cef1adf67330465a8d2b9caf6ee3511cb6786b6d85ba1
                                                                                                                                • Instruction Fuzzy Hash: 8191C274A05B409BDB10DF29C880B9F77E4EF89718F0486B9EC489B756EF70A844C7A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetCPInfo.KERNEL32(?,6C02511C,04924925,?,0C75FFF8,6C025813,?,?,?,?,?,?,6C02511C,00000000,04924925,6C025813), ref: 6C08AC26
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,00000000,?,?,?,?,?,?,6C02511C,00000000,04924925,6C025813), ref: 6C08ACB4
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,6C02511C,00000000,04924925,6C025813), ref: 6C08AD26
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,?,?,?,?,6C02511C,00000000,04924925,6C025813), ref: 6C08AD40
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,?,?,?,6C02511C,00000000,04924925,6C025813), ref: 6C08ADA3
                                                                                                                                • CompareStringEx.KERNEL32(00000000,6C025813,?,?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,6C02511C), ref: 6C08ADC0
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2984826149-0
                                                                                                                                • Opcode ID: 6db19f3edcd52af5c95077f34ff71d557e9e9879fc241d6446a0d9bca84cb8fb
                                                                                                                                • Instruction ID: fb20d153f95bde0678807e9ed05de7a3c4868c33bc86330fd9b5b20de3466323
                                                                                                                                • Opcode Fuzzy Hash: 6db19f3edcd52af5c95077f34ff71d557e9e9879fc241d6446a0d9bca84cb8fb
                                                                                                                                • Instruction Fuzzy Hash: A1719F3290224AABDF118EA4CC40BEE7BFAAF4A719F348115E415E7E90EB35D444CB60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • InitializeCriticalSectionEx.KERNEL32(00000000,00000000,00000001), ref: 6C03373D
                                                                                                                                  • Part of subcall function 6C04ADA0: socket.WS2_32 ref: 6C04ADD1
                                                                                                                                  • Part of subcall function 6C04ADA0: htonl.WS2_32(7F000001), ref: 6C04ADF6
                                                                                                                                  • Part of subcall function 6C04ADA0: setsockopt.WS2_32(00000000,0000FFFF,00000004,00000006,00000004), ref: 6C04AE23
                                                                                                                                  • Part of subcall function 6C04ADA0: bind.WS2_32(00000000,00000001,00000010), ref: 6C04AE3A
                                                                                                                                  • Part of subcall function 6C04ADA0: getsockname.WS2_32(00000000,00000001,00000006), ref: 6C04AE54
                                                                                                                                  • Part of subcall function 6C04ADA0: listen.WS2_32(00000000,00000001), ref: 6C04AE66
                                                                                                                                  • Part of subcall function 6C04ADA0: socket.WS2_32(00000002,00000001,00000000), ref: 6C04AE7B
                                                                                                                                  • Part of subcall function 6C04ADA0: connect.WS2_32(00000000,00000001,00000010), ref: 6C04AE90
                                                                                                                                  • Part of subcall function 6C04ADA0: accept.WS2_32(00000000,00000000,00000000), ref: 6C04AEA4
                                                                                                                                  • Part of subcall function 6C04ADA0: send.WS2_32(?,?,?,00000000), ref: 6C04AEE5
                                                                                                                                  • Part of subcall function 6C04F470: WaitForSingleObjectEx.KERNEL32(6C029A87,000000FF,00000000,?,00000010,6C033510,?), ref: 6C04F47C
                                                                                                                                  • Part of subcall function 6C04F470: CloseHandle.KERNEL32(6C029A87), ref: 6C04F488
                                                                                                                                • DeleteCriticalSection.KERNEL32(00000000), ref: 6C033771
                                                                                                                                • closesocket.WS2_32(?), ref: 6C0337A7
                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6C033863
                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6C033876
                                                                                                                                • closesocket.WS2_32(?), ref: 6C0338CE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$closesocketsocket$CloseDeleteEnterHandleInitializeLeaveObjectSingleWaitacceptbindconnectgetsocknamehtonllistensendsetsockopt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3136614216-0
                                                                                                                                • Opcode ID: c35d531ee1784772154b841b3ae6365fcc216fa749a92c5fd66a92b10401e131
                                                                                                                                • Instruction ID: 60dc807eec0019349b6291fdc9d8243dc0678e400dfaf379d79771a2910ea14c
                                                                                                                                • Opcode Fuzzy Hash: c35d531ee1784772154b841b3ae6365fcc216fa749a92c5fd66a92b10401e131
                                                                                                                                • Instruction Fuzzy Hash: 5061A4B1A04306AFEB009F24D888B8A7BF4FF09709F144528E91C9B691DB75F559CFA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 6C078F37
                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 6C078FA2
                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C078FBF
                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 6C078FFE
                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C07905D
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6C079080
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiStringWide
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2829165498-0
                                                                                                                                • Opcode ID: 4655ea7de79de061431d363d2480859b82fd74ab932e4def72e7e1b14f4d7024
                                                                                                                                • Instruction ID: 1acccf683523c6403061bfb109b19e949577e7a0e027afef285b03c07b875d17
                                                                                                                                • Opcode Fuzzy Hash: 4655ea7de79de061431d363d2480859b82fd74ab932e4def72e7e1b14f4d7024
                                                                                                                                • Instruction Fuzzy Hash: BE51D03261121AAFEF248F64CC48FAB3BF9EB41758F204125F914A7550DB36E810CBB8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 6C03FB7A
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 6C03FB81
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000020,?,?,00000001,?), ref: 6C03FB8C
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 6C03FB93
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 6C03FB9F
                                                                                                                                • VerifyVersionInfoA.KERNEL32(?,00000033,00000000), ref: 6C03FBAA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2793162063-0
                                                                                                                                • Opcode ID: a12db1e765de136a582f6ea62925a34228dec45f742d0ede97be13895364b92c
                                                                                                                                • Instruction ID: 8e6867b21953492190e9fd863a676a16ce4aeadf36c0738619427a12a3e85a5f
                                                                                                                                • Opcode Fuzzy Hash: a12db1e765de136a582f6ea62925a34228dec45f742d0ede97be13895364b92c
                                                                                                                                • Instruction Fuzzy Hash: AD3172B0608380AEE720CB28CC95F5FBBE8ABCA754F54885DF18C97281C675D9448B67
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C02163C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID: DisplayName$HKEY_LOCAL_MACHINE$InstallLocation
                                                                                                                                • API String ID: 3535843008-2082555136
                                                                                                                                • Opcode ID: e2358ee70027c73ec942d5cfe418561196903a5bcbda4ae90821c8d35bbdf8d7
                                                                                                                                • Instruction ID: c68f49427f0609489185c977b17956a694c11cedec8fed4ea55723ffa4699e33
                                                                                                                                • Opcode Fuzzy Hash: e2358ee70027c73ec942d5cfe418561196903a5bcbda4ae90821c8d35bbdf8d7
                                                                                                                                • Instruction Fuzzy Hash: 6ED12771D05258EEDF14DBA4C890BEEB7B9BF19308F1040A9D109B3A91EB356B8CCB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(00000001,?,6C08EB92,6C08B39F,6C08BFE3,?,6C08C21B,?,00000001,?,?,00000001,?,6C0E0B00,0000000C,6C08C314), ref: 6C08EC8F
                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C08EC9D
                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C08ECB6
                                                                                                                                • SetLastError.KERNEL32(00000000,6C08C21B,?,00000001,?,?,00000001,?,6C0E0B00,0000000C,6C08C314,?,00000001,?), ref: 6C08ED08
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                • Opcode ID: ae0736ebf831a8a91295365905735621e6350c2e823276c305813f6af59ff085
                                                                                                                                • Instruction ID: 36e23c12482bd205d4fd5b67b6668d11b4aa24e8ad1522aed330cd2347ad14ec
                                                                                                                                • Opcode Fuzzy Hash: ae0736ebf831a8a91295365905735621e6350c2e823276c305813f6af59ff085
                                                                                                                                • Instruction Fuzzy Hash: B701B53760F7116E9F5419759C84B972EE8DB0AA7CB30832DF53446AE0EF6158065194
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C01D7E6
                                                                                                                                  • Part of subcall function 6C01DC13: __EH_prolog3_GS.LIBCMT ref: 6C01DC1A
                                                                                                                                  • Part of subcall function 6C01C7CB: __EH_prolog3_catch.LIBCMT ref: 6C01C7D2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_$H_prolog3_catch
                                                                                                                                • String ID: country$is_eligible_offer$message$offers
                                                                                                                                • API String ID: 756925408-119460868
                                                                                                                                • Opcode ID: 4b0bd5c2b29c6d52c126bf135a92e6f0666d1d9f5868b47cb7a5d00a85effe91
                                                                                                                                • Instruction ID: efc10650b4a151d4f17cd55d49e611efe6921bdb31bbc86e53d3322904ad95ff
                                                                                                                                • Opcode Fuzzy Hash: 4b0bd5c2b29c6d52c126bf135a92e6f0666d1d9f5868b47cb7a5d00a85effe91
                                                                                                                                • Instruction Fuzzy Hash: 6DA13B71909258AEDB29DFA4D984BDDFBF4AF08304F1045DAD409B7641DB34AB88CF61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0268F8
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Google Chrome Criteria Checker$Override$check_offer$method_used
                                                                                                                                • API String ID: 2427045233-3058322852
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027213
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Override$Registry Check$check_offer$method_used
                                                                                                                                • API String ID: 2427045233-1096815906
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C019AEF
                                                                                                                                  • Part of subcall function 6C0189ED: __EH_prolog3_GS.LIBCMT ref: 6C0189F4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: active_offer$errors$is_eligible_offer$offers_checked
                                                                                                                                • API String ID: 2427045233-2871373776
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C410
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C04C501
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd
                                                                                                                                • API String ID: 885266447-564197712
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C03B5BB
                                                                                                                                Strings
                                                                                                                                • No valid port number in connect to host string (%s), xrefs: 6C03B602
                                                                                                                                • Please URL encode %% as %%25, see RFC 6874., xrefs: 6C03B550
                                                                                                                                • Invalid IPv6 address format, xrefs: 6C03B5AA
                                                                                                                                • %25, xrefs: 6C03B53F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
                                                                                                                                • API String ID: 601868998-2404041592
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C026755
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Manual$app_launch$app_runtime_ms$method
                                                                                                                                • API String ID: 2427045233-1394447367
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C03F897
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %.*s$%sAuthorization: Digest %s$Digest$Proxy-
                                                                                                                                • API String ID: 601868998-3976116069
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C021696
                                                                                                                                • RegGetValueW.ADVAPI32(?,00000000,?,00000002,00000000,00000000,00000008,00000020,6C0213A1,?,?,DisplayName,?,?,6C0BAE84,?), ref: 6C0216C7
                                                                                                                                • RegGetValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,00000008,00000007,00000000,?,00000000,?,00000002,00000000,00000000,00000008), ref: 6C02172B
                                                                                                                                  • Part of subcall function 6C00EE18: _wmemset.LIBCMT ref: 6C00EE47
                                                                                                                                Strings
                                                                                                                                • Cannot get size of string value: RegGetValue failed., xrefs: 6C021773
                                                                                                                                • Cannot get string value: RegGetValue failed., xrefs: 6C021736
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Value$H_prolog3__wmemset
                                                                                                                                • String ID: Cannot get size of string value: RegGetValue failed.$Cannot get string value: RegGetValue failed.
                                                                                                                                • API String ID: 2620600002-2908285974
                                                                                                                                • Opcode ID: 31be9b7e6d2bea275b6249de2f3f78f099f12706d1c9bd4680d429ac25c9fbbb
                                                                                                                                • Instruction ID: 324a2e91be3b6b8ad208852f52d96d057f22bb7b441b35456f6904927d15c9be
                                                                                                                                • Opcode Fuzzy Hash: 31be9b7e6d2bea275b6249de2f3f78f099f12706d1c9bd4680d429ac25c9fbbb
                                                                                                                                • Instruction Fuzzy Hash: 69312D70A01705AFEB24CF68C944F6EB7F9EF88704F50851DE095A7A50D735AE09CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00AE06
                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll,RtlGetVersion,0000016C,6C00ADB4,?,?,00000030,00000004,Function_000089D4,?,?,Windows 7,00000009,6.1,00000003,Windows 8), ref: 6C00AE1E
                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6C00AE25
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                                • String ID: RtlGetVersion$ntdll
                                                                                                                                • API String ID: 2418878492-2582309562
                                                                                                                                • Opcode ID: 33bab94c820a82d4678c1e4dbf5a6de4d8e5e3c153902ee8f84661109cb2eca2
                                                                                                                                • Instruction ID: b3b7ec8b7a2dc40858535cb87566a5b5d57e81c1b1fa98b1da6bf4f474e0ebf6
                                                                                                                                • Opcode Fuzzy Hash: 33bab94c820a82d4678c1e4dbf5a6de4d8e5e3c153902ee8f84661109cb2eca2
                                                                                                                                • Instruction Fuzzy Hash: 7521BD71A00218A6EF21DB648C05FDF77F8AF4A754F8140D4E90C77681EB756F89CAA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00A41C
                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,/PlayaNext.CoreInstaller.exe,0000001C,?,?,00000026,?,https://files.playanext.com/Installer/), ref: 6C00A4AC
                                                                                                                                Strings
                                                                                                                                • https://files.playanext.com/Installer/, xrefs: 6C00A42F
                                                                                                                                • PlayaNext.CoreInstaller.exe, xrefs: 6C00A4E3
                                                                                                                                • /PlayaNext.CoreInstaller.exe, xrefs: 6C00A487
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_PathTemp
                                                                                                                                • String ID: /PlayaNext.CoreInstaller.exe$PlayaNext.CoreInstaller.exe$https://files.playanext.com/Installer/
                                                                                                                                • API String ID: 3218844505-4165019449
                                                                                                                                • Opcode ID: abb5dc6b4c661c4d35e52fa23fbfbd5f5b0c3272914296c8a37a38325ce6985b
                                                                                                                                • Instruction ID: f8f9c194a3ba1b8c0c9bd6e909344678ecc7766ad7aebeef91d4d8ab60ba5523
                                                                                                                                • Opcode Fuzzy Hash: abb5dc6b4c661c4d35e52fa23fbfbd5f5b0c3272914296c8a37a38325ce6985b
                                                                                                                                • Instruction Fuzzy Hash: DA313A71A4621CDBEB24EB54CC89BD9B3F8AB08304F6145D9E049A7690DB75AFC8CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0199E2
                                                                                                                                  • Part of subcall function 6C0189ED: __EH_prolog3_GS.LIBCMT ref: 6C0189F4
                                                                                                                                  • Part of subcall function 6C01A2F6: __EH_prolog3_GS.LIBCMT ref: 6C01A300
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: active_offer$errors$is_eligible_offer$offers_checked
                                                                                                                                • API String ID: 2427045233-2871373776
                                                                                                                                • Opcode ID: e8efc3867e64e064c36a7be23b7f460064cdcdf3b2c4ae2938afc0fcf470ad71
                                                                                                                                • Instruction ID: 37039276f4738b8f2e65727e7585692ecebac74dcbb622aaea98c10b604f8bf1
                                                                                                                                • Opcode Fuzzy Hash: e8efc3867e64e064c36a7be23b7f460064cdcdf3b2c4ae2938afc0fcf470ad71
                                                                                                                                • Instruction Fuzzy Hash: 6A317C30A05248AADF01EBE8C955BEDBAF4AF19308F54419DE45573B81DB752B0CCBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,6C08FD83,00000000,?,00000001,00000000,?,6C08FDFA,00000001,FlsFree,6C0CC74C,6C0CC754,00000000), ref: 6C08FD52
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeLibrary
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 3664257935-2084034818
                                                                                                                                • Opcode ID: 9c15a169e9242b799b92a889f319017180832865d4b0281a8d735103f195958a
                                                                                                                                • Instruction ID: 86fa1dbd921c69de6927d39a83bb0f7802849bbafda9f60c865b3b69f17832ce
                                                                                                                                • Opcode Fuzzy Hash: 9c15a169e9242b799b92a889f319017180832865d4b0281a8d735103f195958a
                                                                                                                                • Instruction Fuzzy Hash: D511A735A46721ABDF128A79CC4474D33FD9F02B64F248610EB14AB680DB70E90186D5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6C09FB4E,?,?,6C09FB16,?,00000074,?), ref: 6C09FBB1
                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C09FBC4
                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,6C09FB4E,?,?,6C09FB16,?,00000074,?), ref: 6C09FBE7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                • Opcode ID: ed252b9bdc753ef46ecdf740c06d8472bd536ac9202523df079ca988dd8f3790
                                                                                                                                • Instruction ID: 2ee100e14d2bc4a85eea511c5a548939aea4d2d4102835dd2ed9fde31404f88b
                                                                                                                                • Opcode Fuzzy Hash: ed252b9bdc753ef46ecdf740c06d8472bd536ac9202523df079ca988dd8f3790
                                                                                                                                • Instruction Fuzzy Hash: 9DF08C30601118FBDF029B90CD0AFDE7AF9EB05B59F200060B919A2690CF718A00EFD5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetFileType.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,6C09B1DE,00000000,?), ref: 6C09AF7B
                                                                                                                                • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C09B1DE,00000000), ref: 6C09AFD5
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6C09B1DE,00000000,?,?,00000000,?,?), ref: 6C09B063
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C09B06A
                                                                                                                                • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,6C09B1DE), ref: 6C09B0A7
                                                                                                                                  • Part of subcall function 6C09B357: __dosmaperr.LIBCMT ref: 6C09B38C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1206951868-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Maklocstr$Maklocchr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2020259771-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C007198
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C0071A5
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • codecvt.LIBCPMT ref: 6C0071DC
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C0071F3
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C007209
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3_Registercodecvt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1043818994-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C007223
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C007230
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • ctype.LIBCPMT ref: 6C007267
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C00727E
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C007294
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3_Registerctype
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2244429305-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 6C0AD86A
                                                                                                                                  • Part of subcall function 6C0A376B: RtlFreeHeap.NTDLL(00000000,00000000,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?), ref: 6C0A3781
                                                                                                                                  • Part of subcall function 6C0A376B: GetLastError.KERNEL32(?,?,6C0ADAF4,?,00000000,?,?,?,6C0ADD97,?,00000007,?,?,6C0AD0EA,?,?), ref: 6C0A3793
                                                                                                                                • _free.LIBCMT ref: 6C0AD87C
                                                                                                                                • _free.LIBCMT ref: 6C0AD88E
                                                                                                                                • _free.LIBCMT ref: 6C0AD8A0
                                                                                                                                • _free.LIBCMT ref: 6C0AD8B2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 776569668-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __freea
                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                • API String ID: 240046367-3206640213
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C0209E7
                                                                                                                                  • Part of subcall function 6C013C85: RegOpenKeyExW.ADVAPI32(00000000,?,00000000,?,00000000), ref: 6C013CB5
                                                                                                                                  • Part of subcall function 6C020F97: __EH_prolog3_GS.LIBCMT ref: 6C020F9E
                                                                                                                                  • Part of subcall function 6C020F97: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000040,6C020AE0,?,?), ref: 6C020FCF
                                                                                                                                  • Part of subcall function 6C020F97: RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6C021030
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C020B55
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C020E98
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Close$EnumH_prolog3_H_prolog3_catch_InfoOpenQuery
                                                                                                                                • String ID: HKEY_LOCAL_MACHINE
                                                                                                                                • API String ID: 911406291-2814786349
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 6C0445F5
                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 6C044611
                                                                                                                                Strings
                                                                                                                                • We are completely uploaded and fine, xrefs: 6C044689
                                                                                                                                • Failed to alloc scratch buffer!, xrefs: 6C0444E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Ioctlsetsockopt
                                                                                                                                • String ID: Failed to alloc scratch buffer!$We are completely uploaded and fine
                                                                                                                                • API String ID: 1903391676-607151321
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C02780E
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: download_time_ms$download_url$success
                                                                                                                                • API String ID: 2427045233-2901543863
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C04E240
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C04E25A
                                                                                                                                  • Part of subcall function 6C04E120: ___from_strstr_to_strchr.LIBCMT ref: 6C04E14C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                                • API String ID: 601868998-885041942
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C00AA42
                                                                                                                                  • Part of subcall function 6C00AC27: __EH_prolog3_GS.LIBCMT ref: 6C00AC31
                                                                                                                                  • Part of subcall function 6C010D4F: _Copy_construct_from.LIBCPMT ref: 6C010D95
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Copy_construct_fromH_prolog3_H_prolog3_catch_
                                                                                                                                • String ID: /b:1$/r:$TEST
                                                                                                                                • API String ID: 2290945365-3361035191
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C03B73C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %s%s%s$Connecting to hostname: %s$Connecting to port: %d
                                                                                                                                • API String ID: 601868998-1840313707
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027052
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: error$error_code$error_description
                                                                                                                                • API String ID: 2427045233-3039027684
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6C08F3BE
                                                                                                                                • CatchIt.LIBVCRUNTIME ref: 6C08F4A4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CatchEncodePointer
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 1435073870-2084237596
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0259A2
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Initialize$cpp_sdk_startup$method_used
                                                                                                                                • API String ID: 2427045233-2063243660
                                                                                                                                • Opcode ID: 009fdeacbfcfb17ebe96308632b8ad17f4812316198b061fcb87d0a93684c742
                                                                                                                                • Instruction ID: 69b5537e67dd2ee289bb3ca153f9c90c9c0afdef56b16a2b895d073ddea6beb2
                                                                                                                                • Opcode Fuzzy Hash: 009fdeacbfcfb17ebe96308632b8ad17f4812316198b061fcb87d0a93684c742
                                                                                                                                • Instruction Fuzzy Hash: AA413A70D01348EADF11CFA8C945BDDBBF8AB15304F90846EE445BB681D7B5AA08CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0261BD
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Installer autolaunch$app_launch$method
                                                                                                                                • API String ID: 2427045233-550199773
                                                                                                                                • Opcode ID: 22e084a6f86d735961dd9a8f53c22757bfc396af4c65de3bcbf5db814242cf17
                                                                                                                                • Instruction ID: ec1d80f9debf877e0e6e34e2bce6f3d745ff39877353171cc58dca2eb535a448
                                                                                                                                • Opcode Fuzzy Hash: 22e084a6f86d735961dd9a8f53c22757bfc396af4c65de3bcbf5db814242cf17
                                                                                                                                • Instruction Fuzzy Hash: 9F311971D01388AEDF01DBF8C845BEEBFF8AB15304F50446AD445BB641E7746A08CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Mpunct$Getvals
                                                                                                                                • String ID: $+xv
                                                                                                                                • API String ID: 455491934-1686923651
                                                                                                                                • Opcode ID: 93c48573b8e853f4e0c3f263cff05d701beb9336d24fc1777050381e78b84b1e
                                                                                                                                • Instruction ID: a46a40545fca067f88482b3f8ed6b9b8ed80840cbdb707444467a8b6ed01b0fe
                                                                                                                                • Opcode Fuzzy Hash: 93c48573b8e853f4e0c3f263cff05d701beb9336d24fc1777050381e78b84b1e
                                                                                                                                • Instruction Fuzzy Hash: 342183B1905B92AEDF25CF74C85077B7EE8AB08208F044A5AE499C7F41D774E605CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::ios_base::failure::failure.LIBCPMT ref: 6C00F050
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::ios_base::failure::failure
                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                • API String ID: 2264918676-1866435925
                                                                                                                                • Opcode ID: 1ca8cc2eeb769ffe250762b357893c9a623568b94b9b406c1a786d563d4a77a2
                                                                                                                                • Instruction ID: 0d9a8ab6bab20b36187c7a5e4b7a036483fd35dbc37d78b74fa8293575a61bd1
                                                                                                                                • Opcode Fuzzy Hash: 1ca8cc2eeb769ffe250762b357893c9a623568b94b9b406c1a786d563d4a77a2
                                                                                                                                • Instruction Fuzzy Hash: FCF0FCB2A043086EFF10DA58C802FD933DC5B00358F158019EE51EBD81EA75A90AC754
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C03F960: GetModuleHandleA.KERNEL32(kernel32,00000001,6C0E6598,security.dll,6C06717B,security.dll,00000004,00000000,00000002,00000002,6C03FCB4), ref: 6C03F96A
                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceA), ref: 6C06718D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                • String ID: InitSecurityInterfaceA$secur32.dll$security.dll
                                                                                                                                • API String ID: 1646373207-3788156360
                                                                                                                                • Opcode ID: 58c58a790e412e3e7ccb8bfbd9abd9fc22e8c1978da58ec87e08983ee28aabc2
                                                                                                                                • Instruction ID: 1ca530a607d6e4578e32576569b0184abd6e64dd2a3ca3b25e99811614469cb9
                                                                                                                                • Opcode Fuzzy Hash: 58c58a790e412e3e7ccb8bfbd9abd9fc22e8c1978da58ec87e08983ee28aabc2
                                                                                                                                • Instruction Fuzzy Hash: D2F092A07863076AFF504F3F4C96B5A22E98B85F08F954479AA09EEEC5EF34C9008611
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _strrchr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3213747228-0
                                                                                                                                • Opcode ID: de563e5064bffd41623e4a73dd44ca4f056d72ad6db94a716abda4ab9a4d8fbe
                                                                                                                                • Instruction ID: 0dbf385d06c2b725f0dccc9908a769f97be0850fb5dfd313e56afb36cb4bd338
                                                                                                                                • Opcode Fuzzy Hash: de563e5064bffd41623e4a73dd44ca4f056d72ad6db94a716abda4ab9a4d8fbe
                                                                                                                                • Instruction Fuzzy Hash: 09B126329052859FDB05CFECC8507EEBBF9EF46304F1482AAD454DBB42D6359A46CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AdjustPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                • Opcode ID: 04a0e09cc3719b6892c72569ce99263cb5f379c972a15537e3cb10b72e2641de
                                                                                                                                • Instruction ID: 9e9df42849a1a681ba4bf7d5eda5046239481d58a68719e3de435c34b26c0019
                                                                                                                                • Opcode Fuzzy Hash: 04a0e09cc3719b6892c72569ce99263cb5f379c972a15537e3cb10b72e2641de
                                                                                                                                • Instruction Fuzzy Hash: 1E51AC7A607606AFEF158F14D840BAA77F5EF45318F24862DE92547A90E731E844CBE0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • _free.LIBCMT ref: 6C0ACE36
                                                                                                                                • _free.LIBCMT ref: 6C0ACE5F
                                                                                                                                • SetEndOfFile.KERNEL32(00000000,6C0A2CAA,00000000,?,?,?,?,?,?,?,?,6C0A2CAA,?,00000000), ref: 6C0ACE91
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,6C0A2CAA,?,00000000), ref: 6C0ACEAD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _free$ErrorFileLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1547350101-0
                                                                                                                                • Opcode ID: 5f5524befc214e6bef4c8aa3bd278a09edc496e8623874d30ae8ef101d9a5be7
                                                                                                                                • Instruction ID: 91ebab600e13fb082e789c6008fc1915c3abfe2dc41fc79e653b1a8fc4c02105
                                                                                                                                • Opcode Fuzzy Hash: 5f5524befc214e6bef4c8aa3bd278a09edc496e8623874d30ae8ef101d9a5be7
                                                                                                                                • Instruction Fuzzy Hash: 9D41FD32601644ABDF11EBF9CC01BDD37F5AF49728F360111E825A7B92EB32E9465760
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8e9d48b760c073b92188426def4dcdced6ba8450ad9cb5f03a480091598fdedc
                                                                                                                                • Instruction ID: ba1fd719006715fbd19b14eb345e294548678329a83f98f099823c61e0750b2d
                                                                                                                                • Opcode Fuzzy Hash: 8e9d48b760c073b92188426def4dcdced6ba8450ad9cb5f03a480091598fdedc
                                                                                                                                • Instruction Fuzzy Hash: B64128B2A04344AFD7249F3CCC41B9EBBFCEB88724F10956AE141DBB90D771A6449B80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C011268
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C011278
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C011288
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C0112B1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::bad_exception::bad_exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2160870905-0
                                                                                                                                • Opcode ID: 00cefcc9fa16bfebdf295c261de8d1dfa0aa5171bdd5144162cedef07dea5bfe
                                                                                                                                • Instruction ID: fd3955d33b09fd9b5a8ca98a2c7e1d331268e44d50b2eb1d8e77424ae4c6a867
                                                                                                                                • Opcode Fuzzy Hash: 00cefcc9fa16bfebdf295c261de8d1dfa0aa5171bdd5144162cedef07dea5bfe
                                                                                                                                • Instruction Fuzzy Hash: 5031373120D2409ECB1DDAD8C890FEEF3F5BF26308B60461AE16297E84C731E919C750
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C09151F: _free.LIBCMT ref: 6C09152D
                                                                                                                                  • Part of subcall function 6C0AAAFF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,6C0A231A,?,00000000,?,00000000,?,6C0A2089,0000FDE9,00000000,?), ref: 6C0AABA1
                                                                                                                                • GetLastError.KERNEL32 ref: 6C0AB512
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0AB519
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6C0AB558
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0AB55F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 167067550-0
                                                                                                                                • Opcode ID: c8f94580cfbda668bee957c47143e6bf576e23e30b4064b8e2b74343df1a7ce1
                                                                                                                                • Instruction ID: bdd723a022f07b1710b45eaf3a434f2a7b102f58c581f085f747f12368ab9596
                                                                                                                                • Opcode Fuzzy Hash: c8f94580cfbda668bee957c47143e6bf576e23e30b4064b8e2b74343df1a7ce1
                                                                                                                                • Instruction Fuzzy Hash: 8F21B27160820DBF97109FF68880B9EB7FCEF0576C7148619E82987A41EB30ED428B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • Concurrency::details::_CancellationTokenState::TokenRegistrationContainer::remove.LIBCONCRT ref: 6C00CECB
                                                                                                                                • __Mtx_unlock.LIBCPMT ref: 6C00CEE9
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6C00CF1D
                                                                                                                                • __Mtx_unlock.LIBCPMT ref: 6C00CF63
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Mtx_unlockToken$CancellationConcurrency::details::_Container::removeCurrentRegistrationState::Thread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2731807181-0
                                                                                                                                • Opcode ID: 94c5b5c5a8194fe0c6082c3ef4f0673c16c27a591f72b398bed06edfbd666b64
                                                                                                                                • Instruction ID: 772b0490d176d6aeaefdc0dd189fe8ab23a18903668c2208ef53d460ea266d83
                                                                                                                                • Opcode Fuzzy Hash: 94c5b5c5a8194fe0c6082c3ef4f0673c16c27a591f72b398bed06edfbd666b64
                                                                                                                                • Instruction Fuzzy Hash: C021C531A052259AEB0AEFB4C4407FDB7E4AF05708F224159D1116BA85DB74D689CBF2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1de9353ccbb73803f6238e6ba97f6de0651142f351f358fa4b7f68ab134ee56a
                                                                                                                                • Instruction ID: 72509cf6618bf8643008840dcc1e90bef4f6edb38a83a4f119fa0a4d86a3647d
                                                                                                                                • Opcode Fuzzy Hash: 1de9353ccbb73803f6238e6ba97f6de0651142f351f358fa4b7f68ab134ee56a
                                                                                                                                • Instruction Fuzzy Hash: C321A771288306BF97109FA98D40B9F77FCAF0536C7149615F82497A50EB30FC50A7A0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,?,00000007,6C09C993,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A34C1
                                                                                                                                • _free.LIBCMT ref: 6C0A351E
                                                                                                                                • _free.LIBCMT ref: 6C0A3554
                                                                                                                                • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6C0781BB,6C00DFE8,00000044,6C00854A,?,?,?), ref: 6C0A355F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2283115069-0
                                                                                                                                • Opcode ID: 08302b41ce0b2e60b06bad494d264b97163ddcdd843ffc6ed9cc50d68319a49e
                                                                                                                                • Instruction ID: b32ba8398b32737a0198b507d3adfe64cae396e396c1f7601ef1e470fe09b3ad
                                                                                                                                • Opcode Fuzzy Hash: 08302b41ce0b2e60b06bad494d264b97163ddcdd843ffc6ed9cc50d68319a49e
                                                                                                                                • Instruction Fuzzy Hash: AE11A7323446013BDA5215FD5C80BAB35E9ABCE67DF750624F12483BD2EF61E8078210
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C0111CB
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C0111DB
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C0111EB
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6C011214
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::bad_exception::bad_exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2160870905-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 6C00B8F3
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000), ref: 6C00B8F7
                                                                                                                                • VerSetConditionMask.KERNEL32(00000000), ref: 6C00B8FB
                                                                                                                                • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 6C00B924
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2793162063-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • QueryPerformanceCounter.KERNEL32(6C014636,6C014636,?,?,6C014636), ref: 6C044773
                                                                                                                                • __alldvrm.LIBCMT ref: 6C04478D
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C0447B4
                                                                                                                                • GetTickCount.KERNEL32 ref: 6C0447D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CountCounterPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1296068966-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07AC22
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • numpunct.LIBCPMT ref: 6C07AC5C
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07AC73
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07AC93
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registernumpunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3109934852-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C074F75
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • numpunct.LIBCPMT ref: 6C074FAF
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C074FC6
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C074FE6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registernumpunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3109934852-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A8A4
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C07A8DE
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A8F5
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A915
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07AB8D
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • numpunct.LIBCPMT ref: 6C07ABC7
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07ABDE
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07ABFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registernumpunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3109934852-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A6E5
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C07A71F
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A736
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A756
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A77A
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C07A7B4
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A7CB
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A7EB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A80F
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C07A849
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A860
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A880
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A07E
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • codecvt.LIBCPMT ref: 6C07A0B8
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A0CF
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A0EF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercodecvt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2219260569-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A113
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • collate.LIBCPMT ref: 6C07A14D
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A164
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A184
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercollate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2453514444-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A1A8
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • collate.LIBCPMT ref: 6C07A1E2
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A1F9
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A219
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercollate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2453514444-0
                                                                                                                                • Opcode ID: 36b77b98712d67f35e969c3f7e71e730da2188cd12bf8d78cc2a25c8fd0e53f9
                                                                                                                                • Instruction ID: 0e46c7d261bcd210e141e6e96284336e9443ca3708f2f65474ce4b844eaa5eb9
                                                                                                                                • Opcode Fuzzy Hash: 36b77b98712d67f35e969c3f7e71e730da2188cd12bf8d78cc2a25c8fd0e53f9
                                                                                                                                • Instruction Fuzzy Hash: E701AD35A00619DBCB19DBA4C844BFE77F1AF89718F254008E511AB780DF35EA0AC7A9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A23D
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • ctype.LIBCPMT ref: 6C07A277
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A28E
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A2AE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registerctype
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3930835225-0
                                                                                                                                • Opcode ID: 57b7f50832c433d099d797ec4c14b8eb8016230c448d1d44b438eecff862ae37
                                                                                                                                • Instruction ID: fe2e5d3e95ba9d2e9738a3d50e6fba223d682284a3f5ac5e666e47022fab519a
                                                                                                                                • Opcode Fuzzy Hash: 57b7f50832c433d099d797ec4c14b8eb8016230c448d1d44b438eecff862ae37
                                                                                                                                • Instruction Fuzzy Hash: EC01A135A00515CBCB19DB688844BEE77F1BF44724F250008E511ABB80DF35EE09C7A9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A2D2
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • ctype.LIBCPMT ref: 6C07A30C
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A323
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A343
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registerctype
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3930835225-0
                                                                                                                                • Opcode ID: ea7e84366a0834a37a79ad1700c9b686a0115723ab4ce5d4c7ff8b550e758fb8
                                                                                                                                • Instruction ID: 7b9ad629cb7496abf4e8b0f140fd0aefeb88cc93faf38a276a237414b6d594fd
                                                                                                                                • Opcode Fuzzy Hash: ea7e84366a0834a37a79ad1700c9b686a0115723ab4ce5d4c7ff8b550e758fb8
                                                                                                                                • Instruction Fuzzy Hash: 7A016135A045158BCB19DB6488047FE77F1AF49714F254509E421ABB80DF34EA0987A9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A367
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • messages.LIBCPMT ref: 6C07A3A1
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A3B8
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A3D8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermessages
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 920951920-0
                                                                                                                                • Opcode ID: 749d0e910649d15ff6dd400a087544d47c7b3e48b2ba4780483c84c305e3c581
                                                                                                                                • Instruction ID: 6f3d261375e59481acdf75e667f2c22d0e7f0ff1f4400b29408a9535a7d855f1
                                                                                                                                • Opcode Fuzzy Hash: 749d0e910649d15ff6dd400a087544d47c7b3e48b2ba4780483c84c305e3c581
                                                                                                                                • Instruction Fuzzy Hash: D901AD35A04119CBCB09DB648804BEE77F1EF85728F254109E425ABB80DF74EA09CBA9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C07A3FC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • messages.LIBCPMT ref: 6C07A436
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A44D
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A46D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermessages
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 920951920-0
                                                                                                                                • Opcode ID: 6343c37f399228ce611de6ed5e27974aaf8acc14c55db66ce4601e83e98882d3
                                                                                                                                • Instruction ID: 6a82e2fbfdbbacf60c9d79adabb3de9f3afaf0c750305dda86857d73a7c18415
                                                                                                                                • Opcode Fuzzy Hash: 6343c37f399228ce611de6ed5e27974aaf8acc14c55db66ce4601e83e98882d3
                                                                                                                                • Instruction Fuzzy Hash: E601A136A005158BCB19DB64C8487ED77F1AF85724F250418E411AB780DF35EA05C7A9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C079FE9
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • codecvt.LIBCPMT ref: 6C07A023
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C07A03A
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C07A05A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registercodecvt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2219260569-0
                                                                                                                                • Opcode ID: 0c2410ca93872a5fd851881e92fcd60432623dd25fd3191b8c08b6aa6ef17686
                                                                                                                                • Instruction ID: 8e4284ece2ecc1bea2b94b2453c1b86af5191803ed6e1d8689d85a45a68a5099
                                                                                                                                • Opcode Fuzzy Hash: 0c2410ca93872a5fd851881e92fcd60432623dd25fd3191b8c08b6aa6ef17686
                                                                                                                                • Instruction Fuzzy Hash: 0201C835A00515CBCB19DB64C808BFD77F1AF44718F250408E411A7780DF34EA09CBE5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C08785E
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C087898
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C0878AF
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C0878CF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                • Opcode ID: 6c39f1c3b7bc7de0be965ae92b3b90742a40f9b6cb3edc089f0c8ea4205e1b77
                                                                                                                                • Instruction ID: dca896b8bb0fd1e0fd88c84a09f9a4f0db2dc778ab0f60e4e6faad2482d93712
                                                                                                                                • Opcode Fuzzy Hash: 6c39f1c3b7bc7de0be965ae92b3b90742a40f9b6cb3edc089f0c8ea4205e1b77
                                                                                                                                • Instruction Fuzzy Hash: D601AD35A41519CBCF05DB688804BFE7BF1BF84718F654019E515AB780DF34AA09C7A5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C08760A
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • messages.LIBCPMT ref: 6C087644
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C08765B
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C08767B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermessages
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 920951920-0
                                                                                                                                • Opcode ID: e35a91e1dc8314b62d217679f17f2c429a5293ec57ea888a4bb563b1ec652875
                                                                                                                                • Instruction ID: 749bb6805773f781b946e7b5980ce3b9f4dfb051d52afe6f5a85628002c6906b
                                                                                                                                • Opcode Fuzzy Hash: e35a91e1dc8314b62d217679f17f2c429a5293ec57ea888a4bb563b1ec652875
                                                                                                                                • Instruction Fuzzy Hash: 8401C435A02115CBCF05DB68C8447FD77F5AF85728F254118E411ABB84DF34AE09C795
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C0877C9
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • moneypunct.LIBCPMT ref: 6C087803
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C08781A
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C08783A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Registermoneypunct
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2178655371-0
                                                                                                                                • Opcode ID: 022f2833407c1c02f1bcfea0fafeb4c35b20a718a795f3e2ad9ec947649c2863
                                                                                                                                • Instruction ID: 611bea3fa64b5f016c5f4967cdf0b8eb8852291bf5612b6d19cd1162c6b2621a
                                                                                                                                • Opcode Fuzzy Hash: 022f2833407c1c02f1bcfea0fafeb4c35b20a718a795f3e2ad9ec947649c2863
                                                                                                                                • Instruction Fuzzy Hash: 9101C035A01519CBCF05DB688844BFD77F1BF88728F654019E411ABB80DF34EA09C7A5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0200FB
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C020108
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::_Lockit.LIBCPMT ref: 6C0095BC
                                                                                                                                  • Part of subcall function 6C0095A0: std::_Lockit::~_Lockit.LIBCPMT ref: 6C0095D8
                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6C020156
                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 6C02016C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3_Register
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 620704588-0
                                                                                                                                • Opcode ID: 5f749f86e8f17ab167c33eaeae4abea80ce3f27e03a217fc0509c09f67b864c8
                                                                                                                                • Instruction ID: ca223fb426b1ddf4394d909cd24cbcebb555a1151fef0afdd55a28c1499ae3d4
                                                                                                                                • Opcode Fuzzy Hash: 5f749f86e8f17ab167c33eaeae4abea80ce3f27e03a217fc0509c09f67b864c8
                                                                                                                                • Instruction Fuzzy Hash: 3101F531A00615CFCB04DBA48810BEE77F8AF08B18F610109E915ABBC0DF35AE09CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000400,00000074,?,?,?,00000000,00000000,00000008,?,?,6C0027EE,?,6C0DC67C,?,00000000), ref: 6C0782D7
                                                                                                                                • GetLastError.KERNEL32(?,6C0027EE,?,6C0DC67C,?,00000000,00000000,0000000C,6C00E00E,6C0DC67C,6C0DC67C,?,00000000,?,00000044,6C00854A), ref: 6C0782E3
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000074,?,?,?,00000000,00000000,?,6C0027EE,?,6C0DC67C,?,00000000,00000000,0000000C), ref: 6C078309
                                                                                                                                • GetLastError.KERNEL32(?,6C0027EE,?,6C0DC67C,?,00000000,00000000,0000000C,6C00E00E,6C0DC67C,6C0DC67C,?,00000000,?,00000044,6C00854A), ref: 6C078315
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharErrorLastMultiWide
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 203985260-0
                                                                                                                                • Opcode ID: 5d8859c71581f8e2a53cc559db4df69ed66c0b9ad43eb3ff80fd35bef181df72
                                                                                                                                • Instruction ID: 18d89e791c55058f158eee258a93b3e7b3c3160bc2c60ce3e021ddc64a9712b2
                                                                                                                                • Opcode Fuzzy Hash: 5d8859c71581f8e2a53cc559db4df69ed66c0b9ad43eb3ff80fd35bef181df72
                                                                                                                                • Instruction Fuzzy Hash: 74013B32604155BBCF224E96CC08D8F3EBAFBCAB91B144525FE0465510CB32C821D7B8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,6C0A8430,00000000,?,6C0B1270,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 6C0A82E1
                                                                                                                                • GetLastError.KERNEL32(?,6C0B1270,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,6C0A8430,00000000,00000104,?), ref: 6C0A82EB
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0A82F2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2398240785-0
                                                                                                                                • Opcode ID: eada7ec3a578db6284cc663e8bc7bc898ea46b365368912f076c11f48e966e47
                                                                                                                                • Instruction ID: ca56904374c9a1e1f6e2fba3bd8ce1178c264ef0e98a6a036486ec9f539902cb
                                                                                                                                • Opcode Fuzzy Hash: eada7ec3a578db6284cc663e8bc7bc898ea46b365368912f076c11f48e966e47
                                                                                                                                • Instruction Fuzzy Hash: 39F06D32208555BB8F105FE6C808B8ABFF9FF457A83108612F519C7911DB32E822DBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,6C0A8430,00000000,?,6C0B11FB,00000000,00000000,6C0A8430,?,?,00000000,00000000,00000001), ref: 6C0A834A
                                                                                                                                • GetLastError.KERNEL32(?,6C0B11FB,00000000,00000000,6C0A8430,?,?,00000000,00000000,00000001,00000000,00000000,?,6C0A8430,00000000,00000104), ref: 6C0A8354
                                                                                                                                • __dosmaperr.LIBCMT ref: 6C0A835B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2398240785-0
                                                                                                                                • Opcode ID: 78989b59aa4cd2a4ed05b3f4e2d4404d4b83926f6c67a18f312c53f0986092a7
                                                                                                                                • Instruction ID: ca4d3b62061cf3a51299701d015c375f64aaa20f3ecb332eb906bd5e55448fa6
                                                                                                                                • Opcode Fuzzy Hash: 78989b59aa4cd2a4ed05b3f4e2d4404d4b83926f6c67a18f312c53f0986092a7
                                                                                                                                • Instruction Fuzzy Hash: B7F06D32608155BB8F105FE6C808A8ABFF9FF457A43148612F629C7910DB32E822DBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,6C0ACC09,00000000,00000001,00000000,00000000,?,6C0A1D5D,00000000,6C0912A7,00000000), ref: 6C0B1DCD
                                                                                                                                • GetLastError.KERNEL32(?,6C0ACC09,00000000,00000001,00000000,00000000,?,6C0A1D5D,00000000,6C0912A7,00000000,00000000,00000000,?,6C0A22B3,00000000), ref: 6C0B1DD9
                                                                                                                                  • Part of subcall function 6C0B1D9F: CloseHandle.KERNEL32(FFFFFFFE,6C0B1DE9,?,6C0ACC09,00000000,00000001,00000000,00000000,?,6C0A1D5D,00000000,6C0912A7,00000000,00000000,00000000), ref: 6C0B1DAF
                                                                                                                                • ___initconout.LIBCMT ref: 6C0B1DE9
                                                                                                                                  • Part of subcall function 6C0B1D61: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6C0B1D90,6C0ACBF6,00000000,?,6C0A1D5D,00000000,6C0912A7,00000000,00000000), ref: 6C0B1D74
                                                                                                                                • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,6C0ACC09,00000000,00000001,00000000,00000000,?,6C0A1D5D,00000000,6C0912A7,00000000,00000000), ref: 6C0B1DFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                • Opcode ID: 0257ebf178687da1c0be460bf5d29188308332726f434c5d0bd42e243c2eb7af
                                                                                                                                • Instruction ID: 6ec229b2d816ae34a5998ad00d16ce572536afbae169495fcaeca4c8ac0257b3
                                                                                                                                • Opcode Fuzzy Hash: 0257ebf178687da1c0be460bf5d29188308332726f434c5d0bd42e243c2eb7af
                                                                                                                                • Instruction Fuzzy Hash: A6F0F836240268BBCF629F958C09AC93EB6FB0D7A1F144410FA1896120CB33C8209B94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SleepConditionVariableCS.KERNEL32(?,6C08B739,00000064,?,6C00D51B,6C0E6504,?,6C004456,?,00000000,?,?,?,6C00D4E1,6C0E6508,?), ref: 6C08B7BF
                                                                                                                                • LeaveCriticalSection.KERNEL32(6C0E6D20,?,?,6C08B739,00000064,?,6C00D51B,6C0E6504,?,6C004456,?,00000000,?,?,?,6C00D4E1), ref: 6C08B7C9
                                                                                                                                • WaitForSingleObjectEx.KERNEL32(?,00000000,?,6C08B739,00000064,?,6C00D51B,6C0E6504,?,6C004456,?,00000000,?,?,?,6C00D4E1), ref: 6C08B7DA
                                                                                                                                • EnterCriticalSection.KERNEL32(6C0E6D20,?,6C08B739,00000064,?,6C00D51B,6C0E6504,?,6C004456,?,00000000,?,?,?,6C00D4E1,6C0E6508), ref: 6C08B7E1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3269011525-0
                                                                                                                                • Opcode ID: c422381c5bcf9e13256d2fb2678fb46f40b5ce1abb7b39a5541b8d2b3806ce89
                                                                                                                                • Instruction ID: 5dbc411b2cded3d04f6a828e9173a9ec68d033dcf9bb7ea20eed536bdbd9520b
                                                                                                                                • Opcode Fuzzy Hash: c422381c5bcf9e13256d2fb2678fb46f40b5ce1abb7b39a5541b8d2b3806ce89
                                                                                                                                • Instruction Fuzzy Hash: 66E09231A8652CBBCE415B50EC0AFCD3F74DF0FE20BA04450F609A2510CE6259108BD9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 6C068163
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___from_strstr_to_strchr
                                                                                                                                • String ID: %s?dns=%s$Failed to encode DOH packet [%d]
                                                                                                                                • API String ID: 601868998-3030351490
                                                                                                                                • Opcode ID: 554e73c33806bdf035f141e47e20b9df83b7ba1276ba6e9421a8fd94be59dfb5
                                                                                                                                • Instruction ID: ca9cf8a16350d2dccaca460f9b09bd518ce4702cdbf28cec8a66450344484ed4
                                                                                                                                • Opcode Fuzzy Hash: 554e73c33806bdf035f141e47e20b9df83b7ba1276ba6e9421a8fd94be59dfb5
                                                                                                                                • Instruction Fuzzy Hash: E6F14B31A887226BE7224F219C44B9B7BD46F41758F080725FE887BF96D3659C58C7C2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C076316
                                                                                                                                  • Part of subcall function 6C074F64: std::_Lockit::_Lockit.LIBCPMT ref: 6C074F75
                                                                                                                                  • Part of subcall function 6C074F64: std::_Lockit::~_Lockit.LIBCPMT ref: 6C074FE6
                                                                                                                                • _Find_elem.LIBCPMT ref: 6C076512
                                                                                                                                Strings
                                                                                                                                • 0123456789ABCDEFabcdef-+Xx, xrefs: 6C07637E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                                                                                                                • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                • API String ID: 2124549159-2799312399
                                                                                                                                • Opcode ID: b91b0424d81453704984b33a365e7d6fb600df12b592dacd0f719cc00281baec
                                                                                                                                • Instruction ID: 1f37e7a16aba28ae54d95e8bcda5cbc195a50280743c9d6e712dae6b6d732191
                                                                                                                                • Opcode Fuzzy Hash: b91b0424d81453704984b33a365e7d6fb600df12b592dacd0f719cc00281baec
                                                                                                                                • Instruction Fuzzy Hash: C0C1B630E09298CEDF29CFA4C5507DCBBF1AF45308F684159D496ABB46C7359949CB38
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C07EC1B
                                                                                                                                  • Part of subcall function 6C07AC11: std::_Lockit::_Lockit.LIBCPMT ref: 6C07AC22
                                                                                                                                  • Part of subcall function 6C07AC11: std::_Lockit::~_Lockit.LIBCPMT ref: 6C07AC93
                                                                                                                                • _Find_elem.LIBCPMT ref: 6C07EE55
                                                                                                                                Strings
                                                                                                                                • 0123456789ABCDEFabcdef-+Xx, xrefs: 6C07EC92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                                                                                                                • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                • API String ID: 2124549159-2799312399
                                                                                                                                • Opcode ID: 4ed392354c35bf3d60218aaae8d4fd007ca5e947f1599211812b80b24311d9fe
                                                                                                                                • Instruction ID: 84fa857172b74aa6aa6d372401877ed8957ac65879faafbf06a092afcc289e68
                                                                                                                                • Opcode Fuzzy Hash: 4ed392354c35bf3d60218aaae8d4fd007ca5e947f1599211812b80b24311d9fe
                                                                                                                                • Instruction Fuzzy Hash: A7C18730E062688FDF29CF64C5407DCBBF2BF45308F548599D8656BA82DB349C85CBA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C07E845
                                                                                                                                  • Part of subcall function 6C07AB7C: std::_Lockit::_Lockit.LIBCPMT ref: 6C07AB8D
                                                                                                                                  • Part of subcall function 6C07AB7C: std::_Lockit::~_Lockit.LIBCPMT ref: 6C07ABFE
                                                                                                                                • _Find_elem.LIBCPMT ref: 6C07EA7F
                                                                                                                                Strings
                                                                                                                                • 0123456789ABCDEFabcdef-+Xx, xrefs: 6C07E8BC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                                                                                                                • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                • API String ID: 2124549159-2799312399
                                                                                                                                • Opcode ID: 11e9d7a44f464193ddfb2c099e9c67b80f78d61130bdc35a44495f1d5ef52d83
                                                                                                                                • Instruction ID: c817cd33ef8c89f846b5685451e9c792f4f166a5da6c60df8e4ab11d12b99586
                                                                                                                                • Opcode Fuzzy Hash: 11e9d7a44f464193ddfb2c099e9c67b80f78d61130bdc35a44495f1d5ef52d83
                                                                                                                                • Instruction Fuzzy Hash: B4C18531E062588FDF29CF68C8407DDBBF2BF45308F548199D8A56B682DB349885CBA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C021601
                                                                                                                                  • Part of subcall function 6C0101B8: __EH_prolog3_GS.LIBCMT ref: 6C0101BF
                                                                                                                                  • Part of subcall function 6C013C85: RegOpenKeyExW.ADVAPI32(00000000,?,00000000,?,00000000), ref: 6C013CB5
                                                                                                                                  • Part of subcall function 6C02168F: __EH_prolog3_GS.LIBCMT ref: 6C021696
                                                                                                                                  • Part of subcall function 6C02168F: RegGetValueW.ADVAPI32(?,00000000,?,00000002,00000000,00000000,00000008,00000020,6C0213A1,?,?,DisplayName,?,?,6C0BAE84,?), ref: 6C0216C7
                                                                                                                                  • Part of subcall function 6C02168F: RegGetValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,00000008,00000007,00000000,?,00000000,?,00000002,00000000,00000000,00000008), ref: 6C02172B
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C021559
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseH_prolog3_Value$Open
                                                                                                                                • String ID: DisplayName$InstallLocation
                                                                                                                                • API String ID: 2604920536-403156650
                                                                                                                                • Opcode ID: e97109d1bdeee6137dff9f40f44a9309e96adcf47b9d8b5d57e749cb9479b724
                                                                                                                                • Instruction ID: afae6a97f860a320a80f8fd51508f754665b1cddfa6dc3e458240858dc882e5a
                                                                                                                                • Opcode Fuzzy Hash: e97109d1bdeee6137dff9f40f44a9309e96adcf47b9d8b5d57e749cb9479b724
                                                                                                                                • Instruction Fuzzy Hash: D5A11971D05258EADF14CBA4CD90BEEB7B9BF19308F104099D50AB3691EB346B8CCB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 6C09D2BD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorHandling__start
                                                                                                                                • String ID: pow
                                                                                                                                • API String ID: 3213639722-2276729525
                                                                                                                                • Opcode ID: 6d8907bfcbc92b2d8ab0c9c463229585f47f596e05562c9b38a712afce1d5df4
                                                                                                                                • Instruction ID: 9269ca71e1143f435ad6845ebc42d176678873176d34d4c83d6215d5a41bf35e
                                                                                                                                • Opcode Fuzzy Hash: 6d8907bfcbc92b2d8ab0c9c463229585f47f596e05562c9b38a712afce1d5df4
                                                                                                                                • Instruction Fuzzy Hash: 13519D60A8D30296DB016BD8C90039E3BF4EB41749F709A59E1E042ADAEF34C5C7AE47
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldiv
                                                                                                                                • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                • API String ID: 3732870572-1956417402
                                                                                                                                • Opcode ID: 0c6353eaf3c72e68a92a74a70365a8832b1ef48641f84f277b73fe946216b269
                                                                                                                                • Instruction ID: 50847a23ed8ead4eb82cdfeb6ef74c1add737e8045788e75d6eb9d15bde1a0b3
                                                                                                                                • Opcode Fuzzy Hash: 0c6353eaf3c72e68a92a74a70365a8832b1ef48641f84f277b73fe946216b269
                                                                                                                                • Instruction Fuzzy Hash: 7651F530A072899BDF158FAD84907AEBBF6AF06614F34C569D491D7EC1D37889418F50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Verify called while the verification expected value was empty, xrefs: 6C02976C, 6C029782
                                                                                                                                • Fallback verify called while the subject name expected value was empty, xrefs: 6C02981D, 6C029833
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: Fallback verify called while the subject name expected value was empty$Verify called while the verification expected value was empty
                                                                                                                                • API String ID: 2427045233-3932337201
                                                                                                                                • Opcode ID: f47b84333ed8f7bc0f964c92467e7365d3442644a442003022e35a3501804385
                                                                                                                                • Instruction ID: 9104981ffc792ad802b6680101fe5b5ee03a4a4db13dd7e7f7d369f2f7cc8e67
                                                                                                                                • Opcode Fuzzy Hash: f47b84333ed8f7bc0f964c92467e7365d3442644a442003022e35a3501804385
                                                                                                                                • Instruction Fuzzy Hash: 91613271D01249DFCB00DFE8C490AEEBBF4AF09304F54849AE155BB651DB35AA09CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027A92
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: additional_data$verified
                                                                                                                                • API String ID: 2427045233-1948059939
                                                                                                                                • Opcode ID: 72d37626ad611724e11f80b78e38750d1aa13b207671bc166647eb40e0d90d0b
                                                                                                                                • Instruction ID: 5c69fc2c5bc22434559442fc17d399cf1cb5d7c15001f28b45e694aece868228
                                                                                                                                • Opcode Fuzzy Hash: 72d37626ad611724e11f80b78e38750d1aa13b207671bc166647eb40e0d90d0b
                                                                                                                                • Instruction Fuzzy Hash: 66512971D0128CEEEF11DBA4C944BDEBBF8AB15308F50809AD449B7641EB75AB4CCB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
                                                                                                                                • API String ID: 0-3002077376
                                                                                                                                • Opcode ID: 26a6230d5adb6535811a69142232ee5c8fbb6e8bb5d793f6eb5e734bf95de84b
                                                                                                                                • Instruction ID: c859b9f260298a9f50710eb05b6bf38830f4b39c78fb0035ed494fdd748cbc52
                                                                                                                                • Opcode Fuzzy Hash: 26a6230d5adb6535811a69142232ee5c8fbb6e8bb5d793f6eb5e734bf95de84b
                                                                                                                                • Instruction Fuzzy Hash: D241A2B0A05218AFCB119B9AC880FDEBBFDEF8A704F10106AF510D7A51DB709A45DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: parse error$parse_error
                                                                                                                                • API String ID: 2427045233-1820534363
                                                                                                                                • Opcode ID: 1cb85864503ea7580cdbe4321e9e62ff8af3473b88c951df64a24c7b6d7a49fb
                                                                                                                                • Instruction ID: 58b4948ac2730535bb6058bb1fc75fd2be4f2f479d19f1ae01c7864fa581bdc8
                                                                                                                                • Opcode Fuzzy Hash: 1cb85864503ea7580cdbe4321e9e62ff8af3473b88c951df64a24c7b6d7a49fb
                                                                                                                                • Instruction Fuzzy Hash: BA414671E00218EBEF14DFA4C890BEDBBF8AF19304F514059E459B7781DB346A48CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C044760: QueryPerformanceCounter.KERNEL32(6C014636,6C014636,?,?,6C014636), ref: 6C044773
                                                                                                                                  • Part of subcall function 6C044760: __alldvrm.LIBCMT ref: 6C04478D
                                                                                                                                  • Part of subcall function 6C044760: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C0447B4
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C039CB7
                                                                                                                                Strings
                                                                                                                                • Too old connection (%ld seconds), disconnect it, xrefs: 6C039CD3
                                                                                                                                • Connection %ld seems to be dead!, xrefs: 6C039D31
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery__alldvrm
                                                                                                                                • String ID: Connection %ld seems to be dead!$Too old connection (%ld seconds), disconnect it
                                                                                                                                • API String ID: 3283211967-2324667105
                                                                                                                                • Opcode ID: 79f389d221ebafe14994f5cff9797658c5fc4eda65544f8ba2e42c97cfa43dfc
                                                                                                                                • Instruction ID: 50f608c223494156d5a32a4724159731c223c5d6b6365e2e423ff950c207be70
                                                                                                                                • Opcode Fuzzy Hash: 79f389d221ebafe14994f5cff9797658c5fc4eda65544f8ba2e42c97cfa43dfc
                                                                                                                                • Instruction Fuzzy Hash: 1031BC70A04266AFD7006B3C8C41BEAB3E4FF85329F402664F46C57692EB317598C791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: ", "$: "
                                                                                                                                • API String ID: 2427045233-747220369
                                                                                                                                • Opcode ID: 225ba1feee1ee386fc1dbdd9cd3e7a0de4a400ac2f6b640bd31def431a688095
                                                                                                                                • Instruction ID: 13c109cd21f17794fcb6dd76a7051e015b98d26b7068f26df980edd94bc17c29
                                                                                                                                • Opcode Fuzzy Hash: 225ba1feee1ee386fc1dbdd9cd3e7a0de4a400ac2f6b640bd31def431a688095
                                                                                                                                • Instruction Fuzzy Hash: 9F3137B1A00208EFDF14CFA4C844BEEBBF5BF48704F554419E155B7680DB71AA49CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C020B55
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6C020F42
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID: HKEY_LOCAL_MACHINE
                                                                                                                                • API String ID: 3535843008-2814786349
                                                                                                                                • Opcode ID: 968dbb2a9239310b6ced0876532412df44fec24272d22ccdd796e50887c0c628
                                                                                                                                • Instruction ID: b7098349e0fd8ed11368d9f370fad1f68512a0709b57cbe3c748464b04c2c17c
                                                                                                                                • Opcode Fuzzy Hash: 968dbb2a9239310b6ced0876532412df44fec24272d22ccdd796e50887c0c628
                                                                                                                                • Instruction Fuzzy Hash: 3E4176708083289FDB21CF64C990BEDB7F4BF29308F5041D9C48967A90CBB46A89CF61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027C6F
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: offer_response$user_response
                                                                                                                                • API String ID: 2427045233-3488798116
                                                                                                                                • Opcode ID: 6c14e0359dd05de18eea1aa54552321f55e06d3492ae39c2540823e0ff040708
                                                                                                                                • Instruction ID: 1321990b126d4fa28e0321da1709ccd62554bb8e9751da0c245e2e24e4552336
                                                                                                                                • Opcode Fuzzy Hash: 6c14e0359dd05de18eea1aa54552321f55e06d3492ae39c2540823e0ff040708
                                                                                                                                • Instruction Fuzzy Hash: 77313A70D01388EADF11DFE8C885BDDBFB8AB15308F544069E405BB681D7B56608CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C027D7E
                                                                                                                                  • Part of subcall function 6C027FD4: __EH_prolog3_GS.LIBCMT ref: 6C027FDE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: offer_set$present_offer
                                                                                                                                • API String ID: 2427045233-1999028709
                                                                                                                                • Opcode ID: ecd1330c0a36c48df9e9223281118d06601eaff54efc86cdb571645f7fc4c2a7
                                                                                                                                • Instruction ID: 9e125181290d9d0d7d6520c78099b7ab3574076a9464912c4a2984d924ded6c6
                                                                                                                                • Opcode Fuzzy Hash: ecd1330c0a36c48df9e9223281118d06601eaff54efc86cdb571645f7fc4c2a7
                                                                                                                                • Instruction Fuzzy Hash: 99313A71D01348EEDF05DBE8C845BDDBFF8AB15308F50446AE045BB681EB74AA08CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Mpunct
                                                                                                                                • String ID: $+xv
                                                                                                                                • API String ID: 4240859931-1686923651
                                                                                                                                • Opcode ID: 8abc9afe16d06fd74ddc06351979203b9117b4f9fe67acecf0ffd398f115b387
                                                                                                                                • Instruction ID: f34a5a28cd8e66b1c04f8abf084f57bceca655754ebb2f7f04a19ace8789615b
                                                                                                                                • Opcode Fuzzy Hash: 8abc9afe16d06fd74ddc06351979203b9117b4f9fe67acecf0ffd398f115b387
                                                                                                                                • Instruction Fuzzy Hash: 9321A1B1905B92AEDF25CF748880B7BBEE8AB0C204F044A5AE559C7E41D734EA05CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C07980B: _Maklocstr.LIBCPMT ref: 6C07982B
                                                                                                                                  • Part of subcall function 6C07980B: _Maklocstr.LIBCPMT ref: 6C079848
                                                                                                                                  • Part of subcall function 6C07980B: _Maklocstr.LIBCPMT ref: 6C079865
                                                                                                                                  • Part of subcall function 6C07980B: _Maklocchr.LIBCPMT ref: 6C079877
                                                                                                                                  • Part of subcall function 6C07980B: _Maklocchr.LIBCPMT ref: 6C07988A
                                                                                                                                • _Mpunct.LIBCPMT ref: 6C080997
                                                                                                                                • _Mpunct.LIBCPMT ref: 6C0809B1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Maklocstr$MaklocchrMpunct
                                                                                                                                • String ID: $+xv
                                                                                                                                • API String ID: 542472742-1686923651
                                                                                                                                • Opcode ID: 607312aa7c58b4aa7ba196468bb80867cc678dec9edc8dd603b9bd57fed9ae81
                                                                                                                                • Instruction ID: 410a4d7273906ba75e0f9c628502cef8192479fc3fe129d8e45b20054a71f0a3
                                                                                                                                • Opcode Fuzzy Hash: 607312aa7c58b4aa7ba196468bb80867cc678dec9edc8dd603b9bd57fed9ae81
                                                                                                                                • Instruction Fuzzy Hash: 482183B1905B916EDB25CF74885077BBAE8AB0D604F044A5AE499C7E41D734E605CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 6C078647: CreateThreadpoolWork.KERNEL32(6C078674,00000000,00000000), ref: 6C078656
                                                                                                                                  • Part of subcall function 6C078647: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 6C078663
                                                                                                                                • std::invalid_argument::invalid_argument.LIBCONCRT ref: 6C00E4FB
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C00E516
                                                                                                                                Strings
                                                                                                                                • Fail to schedule the chore!, xrefs: 6C00E4F3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::details::_CreateH_prolog3_Reschedule_choreThreadpoolWorkstd::invalid_argument::invalid_argument
                                                                                                                                • String ID: Fail to schedule the chore!
                                                                                                                                • API String ID: 1913147646-3313369819
                                                                                                                                • Opcode ID: a17e290a267af81a55e22b7c10eab41c0f2bdc1cefd59479fe1b8eadfe8ddeec
                                                                                                                                • Instruction ID: 3ea97430b85db49ecb844b7acd512427ecc4cfa3afa1360eb632acb01d44c088
                                                                                                                                • Opcode Fuzzy Hash: a17e290a267af81a55e22b7c10eab41c0f2bdc1cefd59479fe1b8eadfe8ddeec
                                                                                                                                • Instruction Fuzzy Hash: 0211C631A01605ABEB14DBA4E841BDD73E49F00718F11461AE565B7A80EBB0BB4987D5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C013AC7
                                                                                                                                  • Part of subcall function 6C013C85: RegOpenKeyExW.ADVAPI32(00000000,?,00000000,?,00000000), ref: 6C013CB5
                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96},00000038,6C0137E7,80000002), ref: 6C013B64
                                                                                                                                Strings
                                                                                                                                • Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 6C013AE0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseH_prolog3_catch_Open
                                                                                                                                • String ID: Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                                                • API String ID: 2354439886-3687420604
                                                                                                                                • Opcode ID: dbb8f3dd35563c68fd66368d6a256150a127c746b2158d001965607d3672b348
                                                                                                                                • Instruction ID: e5b63eae35414fe99d16a9a1faff88dd17895113feb1b1ff462e6d87024c7718
                                                                                                                                • Opcode Fuzzy Hash: dbb8f3dd35563c68fd66368d6a256150a127c746b2158d001965607d3672b348
                                                                                                                                • Instruction Fuzzy Hash: 8A21D6B1C15218EEDF04DBE4D881BDEFBF4AF08304F50805AE501B7A51EB356649CB64
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3_
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 2427045233-2658103896
                                                                                                                                • Opcode ID: f2240526a5b05fc34eab350a94e6c45fba2b62e26ea5f18b7f70f722b2dbd2b3
                                                                                                                                • Instruction ID: ded46b4f377e6e8130b23caa51f38de6c558229e0f7eb98dc5ab4e67fd5c44c5
                                                                                                                                • Opcode Fuzzy Hash: f2240526a5b05fc34eab350a94e6c45fba2b62e26ea5f18b7f70f722b2dbd2b3
                                                                                                                                • Instruction Fuzzy Hash: 8711BE75840780AECB35DFB4C800B8ABBF4AB05204F14891AE1A69BB40EB34F608CF65
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • getsockopt.WS2_32(?,0000FFFF,00001001,00004020,?), ref: 6C03E50D
                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 6C03E535
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: getsockoptsetsockopt
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 194641219-2726393805
                                                                                                                                • Opcode ID: 77aadea1da819910e8303531ea46ad3e8f87e375f1aa4eec9772d431a52682b9
                                                                                                                                • Instruction ID: c1c71e68511456b56830bb1413f36393baa60092b5d850747bbaf047add71795
                                                                                                                                • Opcode Fuzzy Hash: 77aadea1da819910e8303531ea46ad3e8f87e375f1aa4eec9772d431a52682b9
                                                                                                                                • Instruction Fuzzy Hash: C70179B1248352ABE700DF00E845B5677F8BF45B08F505618F698965D0E776D948CB42
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6C08BD9A
                                                                                                                                • ___raise_securityfailure.LIBCMT ref: 6C08BE57
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                • String ID: x[l
                                                                                                                                • API String ID: 3761405300-1372410823
                                                                                                                                • Opcode ID: 39cc95cb62a7b195a1298d3ac9a0fd4b0a234babf7c617e47faa2911be74181b
                                                                                                                                • Instruction ID: 6050176c6f99656bbc5f8fd90fee9c694558d0a57d0489a49f4220f0f994e449
                                                                                                                                • Opcode Fuzzy Hash: 39cc95cb62a7b195a1298d3ac9a0fd4b0a234babf7c617e47faa2911be74181b
                                                                                                                                • Instruction Fuzzy Hash: 8711C0B5B9130CDBCF80DF29F0826443BB5BB4EB14B00502AEA09C7790EFB199448F45
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6C00809B
                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6C0080D8
                                                                                                                                  • Part of subcall function 6C072E17: _Yarn.LIBCPMT ref: 6C072E36
                                                                                                                                  • Part of subcall function 6C072E17: _Yarn.LIBCPMT ref: 6C072E5A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 1908188788-1405518554
                                                                                                                                • Opcode ID: 40f6687fe3b3af690b8d183f7874f4c471eb7e4b5be898ae0b94d545d712f3bf
                                                                                                                                • Instruction ID: 3c93e834b9f0b462698661a2f51a4dfade75a13325489c88315001413e6a8289
                                                                                                                                • Opcode Fuzzy Hash: 40f6687fe3b3af690b8d183f7874f4c471eb7e4b5be898ae0b94d545d712f3bf
                                                                                                                                • Instruction Fuzzy Hash: F9011271405B44DED735CF7A948068AFEE0BF18604B50896FD19DD7F01D730A608CBA9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6C0109E1
                                                                                                                                  • Part of subcall function 6C073D4C: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 6C073D62
                                                                                                                                • LocalFree.KERNEL32(?,0000000C), ref: 6C010A32
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000004.00000002.3006310375.000000006C001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C000000, based on PE: true
                                                                                                                                • Associated: 00000004.00000002.3006282632.000000006C000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3007882956.000000006C0BA000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008256419.000000006C0E3000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008288959.000000006C0E4000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008329754.000000006C0E6000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                • Associated: 00000004.00000002.3008369044.000000006C0E8000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_4_2_6c000000_PCCleaner.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FormatFreeH_prolog3_LocalMessage
                                                                                                                                • String ID: unknown error
                                                                                                                                • API String ID: 2435402305-3078798498
                                                                                                                                • Opcode ID: eceed5e950950e77f3fe3ab185ab6b6743e350d9734033e3406ec0879eed6c48
                                                                                                                                • Instruction ID: a1417d3d160f8b74bac8a0b9874a7f0f124d7b7978199e9bf163f5e15280c423
                                                                                                                                • Opcode Fuzzy Hash: eceed5e950950e77f3fe3ab185ab6b6743e350d9734033e3406ec0879eed6c48
                                                                                                                                • Instruction Fuzzy Hash: 78F018B0905305EBDF20DF94C951BAEBFF4AF08748F50452DE594ABB40C7309A49CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_value_pointer.SQLITE3 ref: 61E38EB8
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_mprintf.SQLITE3 ref: 61E38ED1
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_result_error.SQLITE3 ref: 61E38EE7
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_free.SQLITE3 ref: 61E38EEF
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E85199
                                                                                                                                • sqlite3_result_blob.SQLITE3 ref: 61E851E3
                                                                                                                                • strcmp.MSVCRT ref: 61E85221
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E85238
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E85318
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E85323
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E8534D
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E853EA
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E85457
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E85495
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_mallocsqlite3_result_error$sqlite3_mprintfsqlite3_mutex_entersqlite3_resetsqlite3_result_blobsqlite3_result_error_codesqlite3_value_pointersqlite3_value_textstrcmp
                                                                                                                                • String ID: )pa$matchinfo$pcx
                                                                                                                                • API String ID: 2660825263-925887384
                                                                                                                                • Opcode ID: bd6fa11a9523411b775e793fc9821971e0c22d812c46b7c062762c53594d5f43
                                                                                                                                • Instruction ID: fdd16d66b03fb0a944cb7f2be845a5967308d8d4cd67968c3c8aa7f4dc7c71c9
                                                                                                                                • Opcode Fuzzy Hash: bd6fa11a9523411b775e793fc9821971e0c22d812c46b7c062762c53594d5f43
                                                                                                                                • Instruction Fuzzy Hash: D422EF74A043598FDB40CFA8C480B9DBBF1BF49318F648429E85AAB355DB74E986CF41
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E724AE
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E724F7
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72502
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E72560
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E725E3
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E725EE
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E72611
                                                                                                                                • sqlite3_column_int.SQLITE3 ref: 61E72624
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E7263B
                                                                                                                                • sqlite3_column_int.SQLITE3 ref: 61E7264E
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E72665
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72670
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7267B
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7268C
                                                                                                                                  • Part of subcall function 61E23A9E: sqlite3_column_text.SQLITE3 ref: 61E23AB1
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E726A0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E726C7
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E726D2
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E726DD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_reset$sqlite3_bind_int64sqlite3_step$sqlite3_bind_int$sqlite3_column_int$sqlite3_bind_valuesqlite3_column_textsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v3
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2558557790-0
                                                                                                                                • Opcode ID: a5ef9e29baf0d9014e27032ad1d0e69b58505a48024a2013c3c90162065077bb
                                                                                                                                • Instruction ID: ab81e219ef83fd4c080d070b37cf106572ea590d470b904a26cc830ab15633b2
                                                                                                                                • Opcode Fuzzy Hash: a5ef9e29baf0d9014e27032ad1d0e69b58505a48024a2013c3c90162065077bb
                                                                                                                                • Instruction Fuzzy Hash: 5581D1B5E0424A8BDB04DFB9C89478DBBF1AF88358F25C42DE898A7340E779D841CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E7CFF1: sqlite3_free.SQLITE3 ref: 61E7D04F
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7D38A
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7D39A
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7D37F
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_column_text.SQLITE3 ref: 61E7D40A
                                                                                                                                • sqlite3_column_bytes.SQLITE3 ref: 61E7D41E
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E7D42E
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E7D43E
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7D491
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7D4E1
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7D4EC
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7D4F7
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7D540
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7D54B
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7D556
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_reset$sqlite3_bind_int64sqlite3_step$sqlite3_mutex_leave$sqlite3_column_bytessqlite3_column_textsqlite3_freesqlite3_mutex_entersqlite3_value_bytessqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2794300393-0
                                                                                                                                • Opcode ID: 825b49e1888b59760d0d1bfed7f8937de7d6fb5ff7e6905163c19b6477af936c
                                                                                                                                • Instruction ID: 0e2c0fe04b5439689287f9bb988ead186bab5d008c388b7e3325b2b92369334a
                                                                                                                                • Opcode Fuzzy Hash: 825b49e1888b59760d0d1bfed7f8937de7d6fb5ff7e6905163c19b6477af936c
                                                                                                                                • Instruction Fuzzy Hash: 8171A478A046459FDB50DFA8C48469DBBF1BF88368F25C42DE898AB350E735E842CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E7419D
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E741F6
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E74201
                                                                                                                                • sqlite3_column_bytes.SQLITE3 ref: 61E7421D
                                                                                                                                • sqlite3_column_blob.SQLITE3 ref: 61E74230
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E74267
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E74275
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_intsqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_initializesqlite3_mallocsqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3167175467-0
                                                                                                                                • Opcode ID: b8c3648b61c807dee7c0fadee0268cf28c9176c89e5bfa9fd1e48146a141160d
                                                                                                                                • Instruction ID: d3aee655e464f74800e155454ad4e5166d5ca8d14ce45f17f4d36d780d783c45
                                                                                                                                • Opcode Fuzzy Hash: b8c3648b61c807dee7c0fadee0268cf28c9176c89e5bfa9fd1e48146a141160d
                                                                                                                                • Instruction Fuzzy Hash: F261F3B4A04259DFDB10DFA8C58469DBBF1BF88708F21882DE884AB340D775E951CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_text.SQLITE3 ref: 61E77256
                                                                                                                                • sqlite3_bind_value.SQLITE3 ref: 61E77271
                                                                                                                                  • Part of subcall function 61E29712: sqlite3_bind_int64.SQLITE3 ref: 61E29754
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E7728A
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E77295
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E772A0
                                                                                                                                • sqlite3_blob_open.SQLITE3 ref: 61E7731E
                                                                                                                                • sqlite3_blob_write.SQLITE3 ref: 61E77344
                                                                                                                                • sqlite3_blob_close.SQLITE3 ref: 61E7734F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_bind_textsqlite3_bind_valuesqlite3_blob_closesqlite3_blob_opensqlite3_blob_writesqlite3_resetsqlite3_step
                                                                                                                                • String ID: ja
                                                                                                                                • API String ID: 429181737-3086602706
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7230D
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E72327
                                                                                                                                  • Part of subcall function 61E295D1: sqlite3_bind_int64.SQLITE3 ref: 61E295F0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E72348
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E72369
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7238B
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E723AC
                                                                                                                                • sqlite3_bind_text.SQLITE3 ref: 61E723DE
                                                                                                                                • sqlite3_bind_blob.SQLITE3 ref: 61E72407
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72412
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7241D
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64$sqlite3_mprintf$sqlite3_bind_blobsqlite3_bind_intsqlite3_bind_textsqlite3_bind_valuesqlite3_freesqlite3_mutex_leavesqlite3_prepare_v3sqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1809103685-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_nullsqlite3_resetsqlite3_stepsqlite3_value_int$sqlite3_bind_int64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 788585506-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E765AF
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E765BA
                                                                                                                                • sqlite3_column_bytes.SQLITE3 ref: 61E765D2
                                                                                                                                • sqlite3_column_blob.SQLITE3 ref: 61E765E8
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E765F8
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7662D
                                                                                                                                  • Part of subcall function 61E6C336: sqlite3_vmprintf.SQLITE3 ref: 61E6C355
                                                                                                                                  • Part of subcall function 61E6C336: sqlite3_free.SQLITE3 ref: 61E6C39A
                                                                                                                                  • Part of subcall function 61E393ED: sqlite3_vmprintf.SQLITE3 ref: 61E39411
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_vmprintf$sqlite3_bind_int64sqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_mallocsqlite3_resetsqlite3_step
                                                                                                                                • String ID: Fia
                                                                                                                                • API String ID: 3536727394-3609277590
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E763BE
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E763C6
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7648A
                                                                                                                                  • Part of subcall function 61E6C336: sqlite3_vmprintf.SQLITE3 ref: 61E6C355
                                                                                                                                  • Part of subcall function 61E6C336: sqlite3_free.SQLITE3 ref: 61E6C39A
                                                                                                                                • sqlite3_column_int64.SQLITE3 ref: 61E76421
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_freesqlite3_resetsqlite3_stepsqlite3_vmprintf
                                                                                                                                • String ID: %_parent$%_rowid$%gaZga
                                                                                                                                • API String ID: 2442155175-2439509766
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E244EC
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E2450C
                                                                                                                                • sqlite3_value_blob.SQLITE3 ref: 61E24519
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E24530
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E24580
                                                                                                                                • sqlite3_result_text64.SQLITE3 ref: 61E246D0
                                                                                                                                • sqlite3_result_blob64.SQLITE3 ref: 61E2472A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_int$sqlite3_result_blob64sqlite3_result_text64sqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3992148849-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E7120B
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                • sqlite3_prepare_v3.SQLITE3 ref: 61E7124D
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7125B
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7127D
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7129E
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E712A9
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E712B4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64$sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_prepare_v3sqlite3_resetsqlite3_stepsqlite3_vmprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2773015654-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E75634
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_null.SQLITE3 ref: 61E75646
                                                                                                                                • sqlite3_bind_blob.SQLITE3 ref: 61E7566C
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E75674
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E75683
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_blobsqlite3_bind_int64sqlite3_bind_nullsqlite3_mutex_leavesqlite3_resetsqlite3_step
                                                                                                                                • String ID: a
                                                                                                                                • API String ID: 2721088213-3904355907
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C73D
                                                                                                                                • sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                • sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mprintf$sqlite3_bind_valuesqlite3_freesqlite3_initializesqlite3_prepare_v3sqlite3_vmprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 238581650-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E740B3
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E740FC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_initializesqlite3_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1320878182-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E71312
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7131D
                                                                                                                                • sqlite3_column_blob.SQLITE3 ref: 61E71340
                                                                                                                                • sqlite3_column_bytes.SQLITE3 ref: 61E71355
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E71391
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64sqlite3_column_blobsqlite3_column_bytessqlite3_mutex_leavesqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1362299409-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E707CF
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_blob.SQLITE3 ref: 61E707F8
                                                                                                                                  • Part of subcall function 61E293F4: sqlite3_mutex_leave.SQLITE3 ref: 61E293D6
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E70803
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7080E
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E7082F
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_leave$sqlite3_bind_blobsqlite3_bind_int64sqlite3_mprintfsqlite3_mutex_entersqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 315626684-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E432BF
                                                                                                                                  • Part of subcall function 61E128C4: sqlite3_mutex_try.SQLITE3(?,?,?,61E12944), ref: 61E12864
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E432D8
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E433EC
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E43807
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2068833801-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E86C8E: sqlite3_bind_int64.SQLITE3 ref: 61E86CBB
                                                                                                                                  • Part of subcall function 61E86C8E: sqlite3_step.SQLITE3 ref: 61E86CC6
                                                                                                                                  • Part of subcall function 61E86C8E: sqlite3_column_int64.SQLITE3 ref: 61E86CDE
                                                                                                                                  • Part of subcall function 61E86C8E: sqlite3_reset.SQLITE3 ref: 61E86D1B
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E881C5
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E881D0
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E881DB
                                                                                                                                  • Part of subcall function 61E86D2A: sqlite3_bind_int64.SQLITE3 ref: 61E86D74
                                                                                                                                  • Part of subcall function 61E86D2A: sqlite3_step.SQLITE3 ref: 61E86D7F
                                                                                                                                  • Part of subcall function 61E86D2A: sqlite3_reset.SQLITE3 ref: 61E86DD7
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E882B1
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_freesqlite3_mutex_enter
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3723163183-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_reset$sqlite3_bind_int64sqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4282268999-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E72832
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72841
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E72890
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64sqlite3_result_error_codesqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 840565016-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_bind_int.SQLITE3 ref: 61E7272F
                                                                                                                                  • Part of subcall function 61E295D1: sqlite3_bind_int64.SQLITE3 ref: 61E295F0
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7273A
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7274A
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_column_type.SQLITE3 ref: 61E72772
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_bind_valuesqlite3_column_typesqlite3_freesqlite3_mprintfsqlite3_mutex_entersqlite3_mutex_leavesqlite3_prepare_v3sqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1560285677-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E707CF
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_blob.SQLITE3 ref: 61E707F8
                                                                                                                                  • Part of subcall function 61E293F4: sqlite3_mutex_leave.SQLITE3 ref: 61E293D6
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E70803
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E7080E
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E7082F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_leave$sqlite3_bind_blobsqlite3_bind_int64sqlite3_mprintfsqlite3_mutex_entersqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 315626684-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E721D5
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_blob.SQLITE3 ref: 61E721FE
                                                                                                                                  • Part of subcall function 61E293F4: sqlite3_mutex_leave.SQLITE3 ref: 61E293D6
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72209
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E72214
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_leave$sqlite3_bind_blobsqlite3_bind_int64sqlite3_bind_valuesqlite3_freesqlite3_mprintfsqlite3_mutex_entersqlite3_prepare_v3sqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 883330656-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7225D
                                                                                                                                  • Part of subcall function 61E29582: sqlite3_mutex_leave.SQLITE3 ref: 61E295C1
                                                                                                                                • sqlite3_bind_int64.SQLITE3 ref: 61E7227E
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E72289
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E72294
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_bind_int64sqlite3_mutex_leave$sqlite3_bind_valuesqlite3_freesqlite3_mprintfsqlite3_mutex_entersqlite3_prepare_v3sqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1867606076-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A2E3
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E3A314
                                                                                                                                  • Part of subcall function 61E23366: sqlite3_vsnprintf.SQLITE3 ref: 61E23387
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A458
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A495
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A4D0
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E3A502
                                                                                                                                • sqlite3_randomness.SQLITE3 ref: 61E3A51E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_randomnesssqlite3_vsnprintf
                                                                                                                                • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5$%a
                                                                                                                                • API String ID: 3041771859-4071845528
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E1842E: sqlite3_malloc.SQLITE3 ref: 61E18443
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E79ADB
                                                                                                                                  • Part of subcall function 61E3771E: sqlite3_malloc.SQLITE3 ref: 61E37740
                                                                                                                                  • Part of subcall function 61E3771E: sqlite3_stricmp.SQLITE3 ref: 61E377CE
                                                                                                                                  • Part of subcall function 61E3771E: sqlite3_mprintf.SQLITE3 ref: 61E377E2
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E79B3D
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E79B61
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E79B9E
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E79BDA
                                                                                                                                  • Part of subcall function 61E35B80: sqlite3_vmprintf.SQLITE3 ref: 61E35B9E
                                                                                                                                • sqlite3_declare_vtab.SQLITE3 ref: 61E79D0D
                                                                                                                                  • Part of subcall function 61E6EE0E: sqlite3_mutex_enter.SQLITE3 ref: 61E6EE2D
                                                                                                                                  • Part of subcall function 61E6EE0E: sqlite3_mutex_leave.SQLITE3 ref: 61E6EE5A
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E79D18
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_malloc$sqlite3_freesqlite3_mutex_entersqlite3_snprintf$sqlite3_declare_vtabsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_stricmpsqlite3_vmprintf
                                                                                                                                • String ID: @$config$content$data$docsize$id INTEGER PRIMARY KEY, block BLOB$id INTEGER PRIMARY KEY, sz BLOB$idx$k PRIMARY KEY, v$segid, term, pgno, PRIMARY KEY(segid, term)$tla$version
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_is_nt
                                                                                                                                • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A9F4
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E3AA20
                                                                                                                                • sqlite3_mutex_alloc.SQLITE3 ref: 61E3AA7B
                                                                                                                                • sqlite3_uri_boolean.SQLITE3 ref: 61E3AAA3
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3AB38
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E3AB57
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E3ADA8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mutex_enter$sqlite3_mutex_allocsqlite3_mutex_leavesqlite3_snprintfsqlite3_uri_boolean
                                                                                                                                • String ID: J&a$Q&a$winOpenShm$winShmMap1$winShmMap2$winShmMap3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                • API String ID: 1475443563-1713922985
                                                                                                                                • Opcode ID: a2e95d7f06da50e2b53e78d100c15fd75e1c9828e3a0086ad5f99fa9818f6fd6
                                                                                                                                • Instruction ID: 3cdb64650cb32f89eb76fad29ee498bd6d24b74618a198485c696ad2e4396fcf
                                                                                                                                • Opcode Fuzzy Hash: a2e95d7f06da50e2b53e78d100c15fd75e1c9828e3a0086ad5f99fa9818f6fd6
                                                                                                                                • Instruction Fuzzy Hash: 92B146B0E092469BDB00CF58C58166EBBF4AF89309F65C88EE984A7305D375D857CB63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                • API String ID: 1475443563-1713922985
                                                                                                                                • Opcode ID: 14f86cab1585194ed571b5e736493ea73ae815d5bb982173b8dbb7df04dc3915
                                                                                                                                • Instruction ID: 7ee5ed41223fd9fe530f8f05de17fbbc12bbe8df2c41f6166fdfc6e59ba80628
                                                                                                                                • Opcode Fuzzy Hash: 14f86cab1585194ed571b5e736493ea73ae815d5bb982173b8dbb7df04dc3915
                                                                                                                                • Instruction Fuzzy Hash: 33B147B0E092469BDB00CF58C48166EBBF4AF89309F61C88EE98497344D375D897CB63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                • API String ID: 1475443563-1713922985
                                                                                                                                • Opcode ID: eccec6c416e670f5a8ff4baed0023757562856d4ff6b1e5eecd95e9bf12d0f6f
                                                                                                                                • Instruction ID: 9e2b49982664ace51c55555275cff99197757f8fad00142900a8c0ee578ac876
                                                                                                                                • Opcode Fuzzy Hash: eccec6c416e670f5a8ff4baed0023757562856d4ff6b1e5eecd95e9bf12d0f6f
                                                                                                                                • Instruction Fuzzy Hash: 96A136B0E092469BDB00CF58C48166EBBF4AF89309F65C88EE98497304D375D897CB63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp
                                                                                                                                • String ID: ance$ate$ence$iti$ive$ize$ous
                                                                                                                                • API String ID: 1475443563-1713922985
                                                                                                                                • Opcode ID: fed7021b7bae2d6c31633d626521af472884395631a595ab820599a454ef42d0
                                                                                                                                • Instruction ID: 53c92cdf290fc6adacb099a23b2dd5fcddc5bc70f704982a070b8da73c204d32
                                                                                                                                • Opcode Fuzzy Hash: fed7021b7bae2d6c31633d626521af472884395631a595ab820599a454ef42d0
                                                                                                                                • Instruction Fuzzy Hash: A2A136B4E093469BDB00CF58C48566EBBF4AB89309F61C88EE98497344D375E857CB63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_result_error$sqlite3_value_bytes$sqlite3_db_configsqlite3_freesqlite3_mprintfsqlite3_result_blobsqlite3_value_blobsqlite3_value_text
                                                                                                                                • String ID: U%a$out of memory
                                                                                                                                • API String ID: 2048698484-225341927
                                                                                                                                • Opcode ID: 3b69dccaabe746a4cb374cbf814e0a11b1e0bc89b57f2c98dbbd10ab1e3472b5
                                                                                                                                • Instruction ID: 180e1da92f6e24be1d09d3959844f401a66473537e85ea2573afa65bf8d89a44
                                                                                                                                • Opcode Fuzzy Hash: 3b69dccaabe746a4cb374cbf814e0a11b1e0bc89b57f2c98dbbd10ab1e3472b5
                                                                                                                                • Instruction Fuzzy Hash: C941B4B09097569BCB10EFA8C48465DBBF0BF89724F21CA1DE8A8AB394D734D441CF52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A5D0
                                                                                                                                  • Part of subcall function 61E3A271: sqlite3_free.SQLITE3 ref: 61E3A2E3
                                                                                                                                • sqlite3_win32_is_nt.SQLITE3 ref: 61E3A5FD
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A662
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A66D
                                                                                                                                • sqlite3_win32_is_nt.SQLITE3 ref: 61E3A6E2
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A85D
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A868
                                                                                                                                  • Part of subcall function 61E17583: sqlite3_win32_sleep.SQLITE3 ref: 61E175DB
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A8FC
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3A907
                                                                                                                                • sqlite3_uri_boolean.SQLITE3 ref: 61E3A945
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_win32_is_nt$sqlite3_uri_booleansqlite3_win32_sleep
                                                                                                                                • String ID: E&a$winOpen
                                                                                                                                • API String ID: 3191412944-3109294576
                                                                                                                                • Opcode ID: c5448a24634e71a33c7c8f6d5cc3f33548d12d0b62826a0e7e929967c547d876
                                                                                                                                • Instruction ID: 87524873917d5b4451bf6548f77c387e334572aebcb143ad5d4d0acb7e6ca0d8
                                                                                                                                • Opcode Fuzzy Hash: c5448a24634e71a33c7c8f6d5cc3f33548d12d0b62826a0e7e929967c547d876
                                                                                                                                • Instruction Fuzzy Hash: 39D1D3B49047199FDB10DFA9C58478EBBF0BF88318F208929E898DB390D774D885CB41
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E704AB: sqlite3_step.SQLITE3 ref: 61E704CC
                                                                                                                                  • Part of subcall function 61E704AB: sqlite3_reset.SQLITE3 ref: 61E70527
                                                                                                                                  • Part of subcall function 61E774AE: sqlite3_blob_bytes.SQLITE3 ref: 61E77570
                                                                                                                                  • Part of subcall function 61E774AE: sqlite3_malloc.SQLITE3 ref: 61E7757D
                                                                                                                                  • Part of subcall function 61E774AE: sqlite3_blob_read.SQLITE3 ref: 61E775A6
                                                                                                                                  • Part of subcall function 61E774AE: sqlite3_free.SQLITE3 ref: 61E775C0
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7993D
                                                                                                                                  • Part of subcall function 61E35B80: sqlite3_vmprintf.SQLITE3 ref: 61E35B9E
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E7984F
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7985A
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E79871
                                                                                                                                • sqlite3_column_text.SQLITE3 ref: 61E79889
                                                                                                                                • sqlite3_column_value.SQLITE3 ref: 61E7989E
                                                                                                                                • sqlite3_stricmp.SQLITE3 ref: 61E798B1
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E798C0
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E798E4
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E7991D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_step$sqlite3_blob_bytessqlite3_blob_readsqlite3_column_textsqlite3_column_valuesqlite3_finalizesqlite3_mallocsqlite3_mprintfsqlite3_mutex_entersqlite3_prepare_v2sqlite3_resetsqlite3_stricmpsqlite3_value_intsqlite3_vmprintf
                                                                                                                                • String ID: Cka$Kka
                                                                                                                                • API String ID: 3644032086-2749807583
                                                                                                                                • Opcode ID: bf0df0c9385c37cbe690876110e7229c48906fb132dec63f9d7513daf77a7493
                                                                                                                                • Instruction ID: 32d79a60b72b64059a4db156c128a8a55d731eb333ef254cef17b08e426a5b24
                                                                                                                                • Opcode Fuzzy Hash: bf0df0c9385c37cbe690876110e7229c48906fb132dec63f9d7513daf77a7493
                                                                                                                                • Instruction Fuzzy Hash: 2871E2B090465ACFEB10DFA8C58478DBBF0BF88318F258569E898AB350E775D845CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_mprintfsqlite3_value_bytessqlite3_value_text$sqlite3_mutex_entersqlite3_value_int
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1255846193-0
                                                                                                                                • Opcode ID: c63034dda422ce3a67729517302b9144948682b50994a6674c9bacf8e40c0cd2
                                                                                                                                • Instruction ID: aa42d7f034a7b25e4dbdb166d0f661113a51322cb8647a5aface5309804e97a7
                                                                                                                                • Opcode Fuzzy Hash: c63034dda422ce3a67729517302b9144948682b50994a6674c9bacf8e40c0cd2
                                                                                                                                • Instruction Fuzzy Hash: 2C7115B0A046558FDB90DFA8C48069DBBF1EF88324F21C669D868AB394E735D842CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E3822C
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                                                                                                • String ID: + $ NOT $ OR $"$(,)?$g$a$ua
                                                                                                                                • API String ID: 2841607023-2134996385
                                                                                                                                • Opcode ID: 9449bcbee90d3aafca3abebb0a3b4f33af057cbcba5d59f7837517482cba2b02
                                                                                                                                • Instruction ID: 2797d26a2b695eb1c2e0b41ebe63cab037f0c88ae10497b46f22d003191f06a6
                                                                                                                                • Opcode Fuzzy Hash: 9449bcbee90d3aafca3abebb0a3b4f33af057cbcba5d59f7837517482cba2b02
                                                                                                                                • Instruction Fuzzy Hash: 8E913870A08666CBDB01CFA8C480A9DBBF5BFC9704F29CA69D894EB351D374D841DB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_text$sqlite3_value_int$sqlite3_mallocsqlite3_result_error
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3802728871-0
                                                                                                                                • Opcode ID: 8ab57c28d47e4f5431316429128db6872b5fa4b340a34706749f2dcb563c5d4f
                                                                                                                                • Instruction ID: e355d21bd8df15021c04977c1b88b3a22c1191de435d6a03ac739b26de23ec69
                                                                                                                                • Opcode Fuzzy Hash: 8ab57c28d47e4f5431316429128db6872b5fa4b340a34706749f2dcb563c5d4f
                                                                                                                                • Instruction Fuzzy Hash: F7127FB49053698FDB50DF68C984B8DBBF1BF88314F1085AAE899E7341E7349A85CF11
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_blob_reopen.SQLITE3 ref: 61E86A90
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E86ACF
                                                                                                                                • sqlite3_blob_open.SQLITE3 ref: 61E86B13
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E86B20
                                                                                                                                  • Part of subcall function 61E54040: sqlite3_blob_close.SQLITE3 ref: 61E54063
                                                                                                                                • sqlite3_blob_bytes.SQLITE3 ref: 61E86B55
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E86B6D
                                                                                                                                • sqlite3_blob_read.SQLITE3 ref: 61E86BBD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_blob_bytessqlite3_blob_closesqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_mallocsqlite3_mprintf
                                                                                                                                • String ID: a$data
                                                                                                                                • API String ID: 937121834-3399276775
                                                                                                                                • Opcode ID: 60ec865dfac0b710f061d316e8424b266759273f3f764fe003e355581fe04eab
                                                                                                                                • Instruction ID: c6aeb5e6852df73af55fc6b3ad805763d28c3cda4032feca3042d11b9c2586b3
                                                                                                                                • Opcode Fuzzy Hash: 60ec865dfac0b710f061d316e8424b266759273f3f764fe003e355581fe04eab
                                                                                                                                • Instruction Fuzzy Hash: 578113B0A087458FDB54CF69C08065ABBF1EF88308F25C86EE8999B341E735E841CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: strncmp
                                                                                                                                • String ID: -$-$0$]$false$null$true$}
                                                                                                                                • API String ID: 1114863663-1443276563
                                                                                                                                • Opcode ID: 61a23a198cf33185d18bf2c50e00223fba2d3f9033faa4d947fdbb7bf9114261
                                                                                                                                • Instruction ID: b6b70abdc259587fac603326695db8698ed3d2203ba5dfb3784e35d6f90e01fb
                                                                                                                                • Opcode Fuzzy Hash: 61a23a198cf33185d18bf2c50e00223fba2d3f9033faa4d947fdbb7bf9114261
                                                                                                                                • Instruction Fuzzy Hash: ABD12778A0C6454EEB16CFA8C44A7E9BBF3BF46308F68C659C09287389D778D446C715
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E09D14: sqlite3_free.SQLITE3 ref: 61E09D23
                                                                                                                                  • Part of subcall function 61E09D14: sqlite3_free.SQLITE3 ref: 61E09D2E
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E39687
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E3969A
                                                                                                                                • sqlite3_malloc64.SQLITE3 ref: 61E396AF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_malloc64sqlite3_value_bytessqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3723316075-0
                                                                                                                                • Opcode ID: dcc7f779f6f38f893b1977bd2d398dcba74901ca177a412b96189fa8f4e9f0ab
                                                                                                                                • Instruction ID: f53e8b6c54d3aca02cb2cc013b2d8c030a8a75f2929237fa48b399c3f20c5c22
                                                                                                                                • Opcode Fuzzy Hash: dcc7f779f6f38f893b1977bd2d398dcba74901ca177a412b96189fa8f4e9f0ab
                                                                                                                                • Instruction Fuzzy Hash: 477157B4904251CFDB00DF69C484B9ABBF1AFC8308F29C4A9D8489B369DB34D845CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mprintf$sqlite3_free$sqlite3_errmsgsqlite3_mallocsqlite3_prepare_v3sqlite3_reset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 216529871-0
                                                                                                                                • Opcode ID: 8e97ad267c2f605fb13518aef1020199c310bd4afadc19c627217e04756dcc42
                                                                                                                                • Instruction ID: bbb2d4aa90c264a264f9c788fa4b7e16af9a0764c10f885031be81ff7e9a4fbc
                                                                                                                                • Opcode Fuzzy Hash: 8e97ad267c2f605fb13518aef1020199c310bd4afadc19c627217e04756dcc42
                                                                                                                                • Instruction Fuzzy Hash: 1A51D5B4A497459FCB10DFA8C18465ABBE5BF88714F60C82DE899CB310E735E841CF82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E55335
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E55340
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E5536F
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E55379
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_log.SQLITE3 ref: 61E52918
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5538A
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E55392
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E553C3
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E553D0
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E553DB
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E553EC
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E553F7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_finalize$sqlite3_logsqlite3_mutex_entersqlite3_reset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3265072988-0
                                                                                                                                • Opcode ID: 0a04b1edf7cb1171ae88536b20cb48312aedcbdacb913977b1257b29b5c0cc63
                                                                                                                                • Instruction ID: 9f9f5529729b8b0df039e733f650ed7fa34833110783e1dfa50ba57634c18571
                                                                                                                                • Opcode Fuzzy Hash: 0a04b1edf7cb1171ae88536b20cb48312aedcbdacb913977b1257b29b5c0cc63
                                                                                                                                • Instruction Fuzzy Hash: 85312970604B82DBDB40AFB9C4C4629BBF0BF84318F25882CD9888B715D775E9A5CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: false$null$true
                                                                                                                                • API String ID: 0-2913297407
                                                                                                                                • Opcode ID: ddc3cdc9d963128a6365da0f3f26fbbc150a830b5e4c14f88a4b74698624cd29
                                                                                                                                • Instruction ID: c3e19eb2a56d072f0d9fddc3e5ac4cc6366804aac4e2e364bcd16ab0d5a81ac4
                                                                                                                                • Opcode Fuzzy Hash: ddc3cdc9d963128a6365da0f3f26fbbc150a830b5e4c14f88a4b74698624cd29
                                                                                                                                • Instruction Fuzzy Hash: 2DC1DF70E092A58BDB01CF98C48079DBBF2ABCA318F29C16BD8945B356D336D846CB55
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E6F76B
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E6F779
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E6F8AE
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6F8B9
                                                                                                                                  • Part of subcall function 61E4440C: strcmp.MSVCRT ref: 61E44448
                                                                                                                                  • Part of subcall function 61E4440C: sqlite3_free.SQLITE3 ref: 61E44564
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6F8F3
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E6FA94
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E6FAB1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_result_errorsqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codestrcmp
                                                                                                                                • String ID: @]a$out of memory
                                                                                                                                • API String ID: 1233522994-3075323502
                                                                                                                                • Opcode ID: 6b030e55f5a968fdd79a0623755aa50526f18e87947d680a3d72422afaa6cf75
                                                                                                                                • Instruction ID: ba27affdc4134e6b4edaa6bd5d8ccf74df40f56d2ddfd3e9ccfe97486288a0f3
                                                                                                                                • Opcode Fuzzy Hash: 6b030e55f5a968fdd79a0623755aa50526f18e87947d680a3d72422afaa6cf75
                                                                                                                                • Instruction Fuzzy Hash: CBB15BB4A087458FDB00DFA8C49068EBBF5BF88308F65C96DE8999B345D738D841CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mutex_entersqlite3_randomness$sqlite3_malloc64sqlite3_mutex_leave
                                                                                                                                • String ID: ;
                                                                                                                                • API String ID: 1657278834-1661535913
                                                                                                                                • Opcode ID: 133ee2b85914a9862f54ac13999becc2d2140233677cfea1c61f5520a279f646
                                                                                                                                • Instruction ID: 3d60e2f1f66def4f885ec266c3f0c08ddb11d1b3beb96f9f7ce22b88cab9eeba
                                                                                                                                • Opcode Fuzzy Hash: 133ee2b85914a9862f54ac13999becc2d2140233677cfea1c61f5520a279f646
                                                                                                                                • Instruction Fuzzy Hash: 2BB16975E4525ADBDB40CFA8D48069DB7F1FF8A318F28C429E828AB345D739E905CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_stricmp$sqlite3_mprintf$memcmpsqlite3_declare_vtabsqlite3_free
                                                                                                                                • String ID: D[a
                                                                                                                                • API String ID: 1364824805-1091075707
                                                                                                                                • Opcode ID: c5add645d9003f7f55528623736c71487d12147cfdd470399102a275a92d36d5
                                                                                                                                • Instruction ID: dae286c8fa807f22669aba9b5c9235caf8e48e71da2b5361f0ff9f528010b94d
                                                                                                                                • Opcode Fuzzy Hash: c5add645d9003f7f55528623736c71487d12147cfdd470399102a275a92d36d5
                                                                                                                                • Instruction Fuzzy Hash: 555118B1D442098FDB04CFA9C48069EBBF5BF88314F65C529E868AB385DB34D842CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E39490
                                                                                                                                • sqlite3_value_blob.SQLITE3 ref: 61E394B9
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E3954E
                                                                                                                                  • Part of subcall function 61E23366: sqlite3_vsnprintf.SQLITE3 ref: 61E23387
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E39596
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E395C1
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E395CD
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E395DF
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E3960B
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mprintfsqlite3_snprintf$sqlite3_freesqlite3_result_textsqlite3_value_blobsqlite3_value_intsqlite3_vsnprintf
                                                                                                                                • String ID: r%a
                                                                                                                                • API String ID: 2288074931-3586770021
                                                                                                                                • Opcode ID: 04da6da866409f16084c29cf1577148ac870ad393e737941592febcdd86b48e3
                                                                                                                                • Instruction ID: e0a92859694a4900a168f13b1d3263fac8182ed0418521c0c37be99f79cd1f98
                                                                                                                                • Opcode Fuzzy Hash: 04da6da866409f16084c29cf1577148ac870ad393e737941592febcdd86b48e3
                                                                                                                                • Instruction Fuzzy Hash: 674160B08093699FCB10DF68C88065ABBF4FF89310F1085ADE59897291DB34DA84CF56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_value_pointer.SQLITE3 ref: 61E38EB8
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_mprintf.SQLITE3 ref: 61E38ED1
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_result_error.SQLITE3 ref: 61E38EE7
                                                                                                                                  • Part of subcall function 61E38EA1: sqlite3_free.SQLITE3 ref: 61E38EEF
                                                                                                                                • sqlite3_exec.SQLITE3 ref: 61E81145
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E81224
                                                                                                                                  • Part of subcall function 61E80FD8: sqlite3_bind_int.SQLITE3 ref: 61E8102A
                                                                                                                                  • Part of subcall function 61E80FD8: sqlite3_bind_int.SQLITE3 ref: 61E81047
                                                                                                                                  • Part of subcall function 61E80FD8: sqlite3_step.SQLITE3 ref: 61E81055
                                                                                                                                  • Part of subcall function 61E80FD8: sqlite3_column_int.SQLITE3 ref: 61E8106F
                                                                                                                                  • Part of subcall function 61E80FD8: sqlite3_reset.SQLITE3 ref: 61E810AC
                                                                                                                                • sqlite3_exec.SQLITE3 ref: 61E81191
                                                                                                                                • sqlite3_exec.SQLITE3 ref: 61E811AB
                                                                                                                                • sqlite3_exec.SQLITE3 ref: 61E811D6
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E81232
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_exec$sqlite3_bind_int$sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_resetsqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_pointer
                                                                                                                                • String ID: e$optimize$oa
                                                                                                                                • API String ID: 591251517-252432933
                                                                                                                                • Opcode ID: bc4e3bf424f865ec16e1a4918076a5616c3a1d69f1d2076a4b583b3d8e5ead35
                                                                                                                                • Instruction ID: 5bee91d5f539eac4fa563ea8c6296d0569f7e735caac791db2448b3332eabe2c
                                                                                                                                • Opcode Fuzzy Hash: bc4e3bf424f865ec16e1a4918076a5616c3a1d69f1d2076a4b583b3d8e5ead35
                                                                                                                                • Instruction Fuzzy Hash: 563108B01087419FD3409FA5C48571EFBF4AF85728F20CD2DE8A98B390E779D8859B82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5412C
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_log.SQLITE3 ref: 61E52918
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54137
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54142
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_mutex_enter.SQLITE3 ref: 61E52937
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5414D
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54158
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54163
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54184
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E5417C
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E5418F
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54197
                                                                                                                                  • Part of subcall function 61E09F86: sqlite3_free.SQLITE3 ref: 61E09FA9
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_finalize$sqlite3_free$sqlite3_mutex_enter$sqlite3_log
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3407354183-0
                                                                                                                                • Opcode ID: c785067905104b8909aa35739499210686426057244b6cc853e2384188e5dc5d
                                                                                                                                • Instruction ID: ced0cccc5ae12ac44bb36df9caac0ed7ea2b556accb856ba0d617af3127978de
                                                                                                                                • Opcode Fuzzy Hash: c785067905104b8909aa35739499210686426057244b6cc853e2384188e5dc5d
                                                                                                                                • Instruction Fuzzy Hash: AF111EB4A05782CBDF44BFB8D4C4429BBE4EF44308B11885DE984CB305E735D4A0CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5412C
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_log.SQLITE3 ref: 61E52918
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54137
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54142
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_mutex_enter.SQLITE3 ref: 61E52937
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5414D
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54158
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54163
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54184
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E5417C
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E5418F
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54197
                                                                                                                                  • Part of subcall function 61E09F86: sqlite3_free.SQLITE3 ref: 61E09FA9
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_finalize$sqlite3_free$sqlite3_mutex_enter$sqlite3_log
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3407354183-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_snprintfstrcmp
                                                                                                                                • String ID: (blob)$BINARY$NULL$\5a$d$|5a
                                                                                                                                • API String ID: 3505521548-1544239028
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E38552
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E38564
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E3857A
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E38588
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E3866A
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E38675
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E3868B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_value_int
                                                                                                                                • String ID: w$a
                                                                                                                                • API String ID: 2838836587-3093593190
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E25739
                                                                                                                                • sqlite3_result_error_toobig.SQLITE3 ref: 61E2581A
                                                                                                                                • sqlite3_result_error_nomem.SQLITE3 ref: 61E25840
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E25ABC
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E25AE9
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E25AF3
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E25B59
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E25C7C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_snprintf$sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2444656285-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_enter
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 165182205-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C264
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E6C293
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6C2A0
                                                                                                                                • sqlite3_column_name.SQLITE3 ref: 61E6C2BB
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C2D2
                                                                                                                                • sqlite3_column_name.SQLITE3 ref: 61E6C2E1
                                                                                                                                  • Part of subcall function 61E0A08D: sqlite3_mutex_enter.SQLITE3 ref: 61E0A051
                                                                                                                                  • Part of subcall function 61E0A08D: sqlite3_mutex_leave.SQLITE3 ref: 61E0A079
                                                                                                                                • sqlite3_column_name.SQLITE3 ref: 61E6C2F3
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C311
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E6C31F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_namesqlite3_mprintf$sqlite3_finalizesqlite3_freesqlite3_initializesqlite3_mutex_entersqlite3_mutex_leavesqlite3_prepare_v2sqlite3_vmprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2704467749-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E54040: sqlite3_blob_close.SQLITE3 ref: 61E54063
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5431B
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_log.SQLITE3 ref: 61E52918
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54326
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54331
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_mutex_enter.SQLITE3 ref: 61E52937
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5433C
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54347
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54352
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5435D
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54368
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54370
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_finalize$sqlite3_mutex_enter$sqlite3_blob_closesqlite3_freesqlite3_log
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3147689611-0
                                                                                                                                • Opcode ID: d7688637fbcffcc740d5bc5d4628070a7fec3ff5064954bf05040a834bc90113
                                                                                                                                • Instruction ID: 4d51c1cf1af88e5e91f5bf6084424d0a6a274aef5da5250adddbf4f352d32730
                                                                                                                                • Opcode Fuzzy Hash: d7688637fbcffcc740d5bc5d4628070a7fec3ff5064954bf05040a834bc90113
                                                                                                                                • Instruction Fuzzy Hash: 970159B4A047C2CBCF48EFB8C0C4919BBE0AF54318F21889DE9848B316E736D854DB45
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E54040: sqlite3_blob_close.SQLITE3 ref: 61E54063
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5431B
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_log.SQLITE3 ref: 61E52918
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54326
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54331
                                                                                                                                  • Part of subcall function 61E528F4: sqlite3_mutex_enter.SQLITE3 ref: 61E52937
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5433C
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54347
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54352
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E5435D
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E54368
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E54370
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_finalize$sqlite3_mutex_enter$sqlite3_blob_closesqlite3_freesqlite3_log
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3147689611-0
                                                                                                                                • Opcode ID: 4b26d021cbe17ea6ad1841cc6360b9891e61fc1cfc01c6b0cacecb1c5d9116c0
                                                                                                                                • Instruction ID: 14c2e518267edf40354b7ec2f7825b1402411dc32e8039f59915f21ad82e9d5b
                                                                                                                                • Opcode Fuzzy Hash: 4b26d021cbe17ea6ad1841cc6360b9891e61fc1cfc01c6b0cacecb1c5d9116c0
                                                                                                                                • Instruction Fuzzy Hash: 5E0123B4A047C2CBCF48AFB8D4C4519BBE4AF54318F51485DE9848B306E736D854DB56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_declare_vtab.SQLITE3 ref: 61E6F16F
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E6F181
                                                                                                                                • sqlite3_errmsg.SQLITE3 ref: 61E6F1BA
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6F1CA
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_declare_vtabsqlite3_errmsgsqlite3_initializesqlite3_mallocsqlite3_mprintfsqlite3_vmprintf
                                                                                                                                • String ID: ,arg HIDDEN$,schema HIDDEN$CREATE TABLE x
                                                                                                                                • API String ID: 3659367609-1811906603
                                                                                                                                • Opcode ID: a06639bb8db56ba07d9ba23887bb1a3d5e66367afbe2e4935014068ef8f645bb
                                                                                                                                • Instruction ID: 14e085df69d454fd6e76aec5210ace6f737c11c071782e4a421d4c53d22d0d6d
                                                                                                                                • Opcode Fuzzy Hash: a06639bb8db56ba07d9ba23887bb1a3d5e66367afbe2e4935014068ef8f645bb
                                                                                                                                • Instruction Fuzzy Hash: 4A51AC7094439ACBDB20CF24C850B9ABBF5AF85304F60C4AEC89897741E778DA85DF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_malloc
                                                                                                                                • String ID: ja
                                                                                                                                • API String ID: 2997704111-3086602706
                                                                                                                                • Opcode ID: e81e2683e2557c47815cca44eabb431739768525bdd007776fd858d4345db0c7
                                                                                                                                • Instruction ID: 55943fc240565fd9bb092222b760c91a110813d34388df676f7935a9e627bc23
                                                                                                                                • Opcode Fuzzy Hash: e81e2683e2557c47815cca44eabb431739768525bdd007776fd858d4345db0c7
                                                                                                                                • Instruction Fuzzy Hash: 9F4129B09083528FEB24CF69C18465ABBE1EF88354F21C96ED888DB355E774D842CF81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E5297F: sqlite3_finalize.SQLITE3 ref: 61E5298E
                                                                                                                                  • Part of subcall function 61E5297F: sqlite3_free.SQLITE3 ref: 61E529A0
                                                                                                                                  • Part of subcall function 61E5297F: sqlite3_free.SQLITE3 ref: 61E529B2
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E6C10A
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C121
                                                                                                                                  • Part of subcall function 61E5E505: sqlite3_step.SQLITE3 ref: 61E5E520
                                                                                                                                  • Part of subcall function 61E5E505: sqlite3_finalize.SQLITE3 ref: 61E5E530
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E6C1EE
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6C1FB
                                                                                                                                • sqlite3_errmsg.SQLITE3 ref: 61E6C20A
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E6C21A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_finalizesqlite3_mprintf$sqlite3_errmsgsqlite3_prepare_v2sqlite3_stepsqlite3_value_text
                                                                                                                                • String ID: PRAGMA
                                                                                                                                • API String ID: 2796122990-920768087
                                                                                                                                • Opcode ID: 4741b4adab2031314b3dc94567f6795f7995ee67eee0da36a7bcda01a3009edf
                                                                                                                                • Instruction ID: 198d8b353315456c7014ee881d5e23c62c49e8a8565c95247497f62ce650fe9b
                                                                                                                                • Opcode Fuzzy Hash: 4741b4adab2031314b3dc94567f6795f7995ee67eee0da36a7bcda01a3009edf
                                                                                                                                • Instruction Fuzzy Hash: C341E5B0A08745CFDB10DFA9D58475ABBF5AF88348F65C82DE8989B340E735D841CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E290EC: sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E29130
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E5E597
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E5E5D5
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E5E62A
                                                                                                                                • sqlite3_errmsg.SQLITE3 ref: 61E5E7C7
                                                                                                                                  • Part of subcall function 61E261BD: sqlite3_log.SQLITE3 ref: 61E261E6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_log$sqlite3_errmsgsqlite3_mutex_entersqlite3_prepare_v2sqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 154587148-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_finalize$sqlite3_log
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 83268734-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E3556F
                                                                                                                                • sqlite3_value_blob.SQLITE3 ref: 61E3557D
                                                                                                                                  • Part of subcall function 61E1842E: sqlite3_malloc.SQLITE3 ref: 61E18443
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E35B1E
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E35B46
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E35B57
                                                                                                                                  • Part of subcall function 61E352FB: sqlite3_vmprintf.SQLITE3 ref: 61E35319
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mallocsqlite3_result_error_codesqlite3_result_textsqlite3_value_blobsqlite3_value_bytessqlite3_vmprintf
                                                                                                                                • String ID: dlidx
                                                                                                                                • API String ID: 3159449572-2870836960
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_declare_vtab.SQLITE3 ref: 61E6F574
                                                                                                                                  • Part of subcall function 61E6EE0E: sqlite3_mutex_enter.SQLITE3 ref: 61E6EE2D
                                                                                                                                  • Part of subcall function 61E6EE0E: sqlite3_mutex_leave.SQLITE3 ref: 61E6EE5A
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E6F5BB
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E6F694
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E6F6BE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_malloc$sqlite3_declare_vtabsqlite3_freesqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                • String ID: Z\a$simple
                                                                                                                                • API String ID: 1843532771-549552460
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep_amsg_exit
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1015461914-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E35B80: sqlite3_vmprintf.SQLITE3 ref: 61E35B9E
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E70686
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E70691
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E706B3
                                                                                                                                • sqlite3_column_int64.SQLITE3 ref: 61E706CB
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E70705
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E7072D
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E7077A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_finalize$sqlite3_column_int64sqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_stepsqlite3_vmprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 904011437-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E343F7
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E34401
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E3442B
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E34436
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E34476
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_error
                                                                                                                                • String ID: null
                                                                                                                                • API String ID: 1955785328-634125391
                                                                                                                                • Opcode ID: 6289680e4f9532cd869fba4e1ca4c95e5c24f6dee5d29a2c8d921ce28d4deaba
                                                                                                                                • Instruction ID: 743f9c489193da4ea23e06f008f456d171f554c3088c3eb19898de55ae77fcfa
                                                                                                                                • Opcode Fuzzy Hash: 6289680e4f9532cd869fba4e1ca4c95e5c24f6dee5d29a2c8d921ce28d4deaba
                                                                                                                                • Instruction Fuzzy Hash: 6B11EBB27086908BC7149F6D94D5269FBE6D7C5328F24C57FD1958B340D136C896CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E290A2: sqlite3_log.SQLITE3(?,?,?,?,?,61E29155), ref: 61E290DD
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E2A06B
                                                                                                                                • sqlite3_value_text16le.SQLITE3 ref: 61E2A07F
                                                                                                                                • sqlite3_value_text16le.SQLITE3 ref: 61E2A0AD
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E2A0C1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_text16le$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                • String ID: bad parameter or other API misuse$out of memory
                                                                                                                                • API String ID: 3568942437-948784999
                                                                                                                                • Opcode ID: 9af593ed8be51bf533da854c1f9a9b27d956b751e5488fc9a4e6f4556e235b63
                                                                                                                                • Instruction ID: 4f76d04d6961d0c4bd0ce1af6649893dc684826f685e8cfcc82b78deda859986
                                                                                                                                • Opcode Fuzzy Hash: 9af593ed8be51bf533da854c1f9a9b27d956b751e5488fc9a4e6f4556e235b63
                                                                                                                                • Instruction Fuzzy Hash: 9A012D71A043528BDB50AFB985E0A69BBE4AF84358F25C87DDC49CF305E635D8408BD1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmp$sqlite3_mutex_try
                                                                                                                                • String ID: +'a$0
                                                                                                                                • API String ID: 2794522359-3483203251
                                                                                                                                • Opcode ID: 9f850b961660fb38efafd1c7a42655978936ed5656d244a19cabffb3eb37950e
                                                                                                                                • Instruction ID: 55e1d7439cc4b10a1952e3b75115d5b0b198627f2d4f4c81a106b3fbe8363f3d
                                                                                                                                • Opcode Fuzzy Hash: 9f850b961660fb38efafd1c7a42655978936ed5656d244a19cabffb3eb37950e
                                                                                                                                • Instruction Fuzzy Hash: 9D02BD78A082659FEB09CFA9C084799BBF1BFC8308FA4C16DE8459B355D774E845CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_column_blob.SQLITE3 ref: 61E84767
                                                                                                                                • sqlite3_column_bytes.SQLITE3 ref: 61E8477C
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E847B7
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E84815
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E848C1
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E84904
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_mallocsqlite3_mutex_enter
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1826171856-0
                                                                                                                                • Opcode ID: 000717f7e1177e1e23d14f365c43ceb5d5595a34404bf35097c07fe12af12650
                                                                                                                                • Instruction ID: 05008e3f9523148d97919bf3531f68f9a0650a283f9fe067de5653c203b40d1c
                                                                                                                                • Opcode Fuzzy Hash: 000717f7e1177e1e23d14f365c43ceb5d5595a34404bf35097c07fe12af12650
                                                                                                                                • Instruction Fuzzy Hash: DAB1FE70A0464A8FDB95CFA9C48078DBBF5FB88318F25C52AD858AB310D774E846CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E239B2
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E239C0
                                                                                                                                • sqlite3_value_bytes.SQLITE3 ref: 61E239CD
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E239FB
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E23A25
                                                                                                                                • sqlite3_result_int.SQLITE3 ref: 61E23A65
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4226599549-0
                                                                                                                                • Opcode ID: f5789deb05f6bf34c7029f63df9a6f12e00186577fb065202f3b389877534d2e
                                                                                                                                • Instruction ID: 5c37de3e5dca42f77e2f70aa9eabb9dfbbd9e53d0ec325188b364b562955975f
                                                                                                                                • Opcode Fuzzy Hash: f5789deb05f6bf34c7029f63df9a6f12e00186577fb065202f3b389877534d2e
                                                                                                                                • Instruction Fuzzy Hash: 242106B49087469FCB10DFA9D590A9DBBF1AF88328F24C92DE8A997390D730D941CF51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E5547D
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E55493
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E554A8
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E554B2
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E554C6
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E554E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.1911041822.0000000061E00000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912004721.0000000061E8E000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912028934.0000000061E8F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912072646.0000000061E90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912196059.0000000061EA0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912233024.0000000061EA2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912263050.0000000061EA5000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                • Associated: 00000007.00000002.1912298748.0000000061EA6000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_finalizesqlite3_mutex_entersqlite3_mutex_leavesqlite3_reset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 947960732-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E37324
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E37353
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E37368
                                                                                                                                • sqlite3_load_extension.SQLITE3 ref: 61E37383
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E3739E
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E373A9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_result_errorsqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 356667613-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E205C4
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_value_dup.SQLITE3 ref: 61E20617
                                                                                                                                • sqlite3_result_error_nomem.SQLITE3 ref: 61E2064C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_initializesqlite3_mallocsqlite3_result_error_nomemsqlite3_value_dup
                                                                                                                                • String ID: `a
                                                                                                                                • API String ID: 405757302-3628523296
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_strglob
                                                                                                                                • String ID: $
                                                                                                                                • API String ID: 476814121-227171996
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_aggregate_context.SQLITE3 ref: 61E1F105
                                                                                                                                • sqlite3_result_error.SQLITE3 ref: 61E1F135
                                                                                                                                • sqlite3_result_double.SQLITE3 ref: 61E1F14B
                                                                                                                                • sqlite3_result_int64.SQLITE3 ref: 61E1F163
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                                                                                                                • String ID: ia
                                                                                                                                • API String ID: 3779139978-3102340152
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_realloc.SQLITE3(?), ref: 61E7EA77
                                                                                                                                • memcmp.MSVCRT ref: 61E7EABC
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7EB63
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7EBF7
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E7EC71
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$memcmpsqlite3_mutex_entersqlite3_realloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1027907971-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E19822
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E198B8
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E197E9
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E19A47
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_enter
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 165182205-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E518B2), ref: 61E51630
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E518B2), ref: 61E517BD
                                                                                                                                • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E518B2), ref: 61E517CF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E517E6
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E517EE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2921195555-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mprintf$sqlite3_freesqlite3_malloc64sqlite3_realloc64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4073198082-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_result_null.SQLITE3 ref: 61E347DC
                                                                                                                                • sqlite3_result_int.SQLITE3 ref: 61E347FB
                                                                                                                                • sqlite3_result_int64.SQLITE3 ref: 61E348B0
                                                                                                                                • sqlite3_result_double.SQLITE3 ref: 61E348E4
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E34921
                                                                                                                                • sqlite3_result_text.SQLITE3 ref: 61E349CA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mallocsqlite3_result_doublesqlite3_result_intsqlite3_result_int64sqlite3_result_nullsqlite3_result_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 402655203-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_value_int.SQLITE3 ref: 61E37524
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E375DF
                                                                                                                                • sqlite3_result_error_nomem.SQLITE3 ref: 61E375ED
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3760F
                                                                                                                                • sqlite3_result_double.SQLITE3 ref: 61E3761E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_int
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2195261611-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E128C4: sqlite3_mutex_try.SQLITE3(?,?,?,61E12944), ref: 61E12864
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E51559
                                                                                                                                • sqlite3_mutex_free.SQLITE3 ref: 61E5159A
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E515AA
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E515D9
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E515F8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1894464702-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_log.SQLITE3 ref: 61E29257
                                                                                                                                • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,61E29367), ref: 61E2926B
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E29367), ref: 61E29293
                                                                                                                                • sqlite3_log.SQLITE3 ref: 61E292B1
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E29367), ref: 61E292E7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_logsqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1015584638-0
                                                                                                                                • Opcode ID: 0fbd982de2b20e6314d2c53773fe365967a9088fa8c7a691ce7f37ce7f11df75
                                                                                                                                • Instruction ID: 5974b54da2709e6afba32eac724cc02f1a9e28d3b85787d1a21152ac0b537e42
                                                                                                                                • Opcode Fuzzy Hash: 0fbd982de2b20e6314d2c53773fe365967a9088fa8c7a691ce7f37ce7f11df75
                                                                                                                                • Instruction Fuzzy Hash: A23103366056A08BDB009FA8D4A074677E4EFCA718F35D879DC488F349D734D881C792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E4524D
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E45258
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E45311
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E4531C
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1477753154-0
                                                                                                                                • Opcode ID: 3f593b2de3b12cb970dd5266ad5cc09c35327821beba8bd86ae286c36c0e6bd5
                                                                                                                                • Instruction ID: d8340ba76ca5e99bf4fb43a6dbd60cce76dfa6ead970c7625aefdd84828b6b9f
                                                                                                                                • Opcode Fuzzy Hash: 3f593b2de3b12cb970dd5266ad5cc09c35327821beba8bd86ae286c36c0e6bd5
                                                                                                                                • Instruction Fuzzy Hash: 9B213DB4609741CBDB01AF68D48065ABBF4EF85718F28C46EE8488B349D7B4D851CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_prepare_v2.SQLITE3 ref: 61E7042C
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E7043D
                                                                                                                                • sqlite3_column_text.SQLITE3 ref: 61E70457
                                                                                                                                  • Part of subcall function 61E23A72: sqlite3_value_text.SQLITE3 ref: 61E23A87
                                                                                                                                • sqlite3_errmsg.SQLITE3 ref: 61E70485
                                                                                                                                • sqlite3_finalize.SQLITE3 ref: 61E7049C
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_textsqlite3_errmsgsqlite3_finalizesqlite3_prepare_v2sqlite3_stepsqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4105420880-0
                                                                                                                                • Opcode ID: 452a19530cff0bba95163ccb0f3fa396657d302e4d13370d2b314860ff15124e
                                                                                                                                • Instruction ID: c11760f29bb5f4a380468c4bac2c745bf620e670165c2da18309008e4c0d914d
                                                                                                                                • Opcode Fuzzy Hash: 452a19530cff0bba95163ccb0f3fa396657d302e4d13370d2b314860ff15124e
                                                                                                                                • Instruction Fuzzy Hash: 5C11FBB1A043568BEB209FA9848465EFAF5AB89258F21C53EE894D7340F735C801CB56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_initialize.SQLITE3 ref: 61E351EC
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17CB9
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F87), ref: 61E17CED
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17FB6
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E35204
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E35227
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E3526B
                                                                                                                                • sqlite3_memory_used.SQLITE3 ref: 61E35270
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_configsqlite3_initializesqlite3_memory_used
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2853221962-0
                                                                                                                                • Opcode ID: 84635081488589c9fa7a5aaec983128e4da2aeca06c09e6302990b2d44ad3f05
                                                                                                                                • Instruction ID: 37c33c6358e82a3ffb1a82134911c91d3230006a5187abee13060d93778e92f0
                                                                                                                                • Opcode Fuzzy Hash: 84635081488589c9fa7a5aaec983128e4da2aeca06c09e6302990b2d44ad3f05
                                                                                                                                • Instruction Fuzzy Hash: EF114C74A14A159BCF04DFB9D4405597BF1BFCA618B24CA2EF854CB340D738E891CB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_mutex_enter.SQLITE3(?,?,?,61E139E0), ref: 61E0A463
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,61E139E0), ref: 61E0A49F
                                                                                                                                • sqlite3_mutex_enter.SQLITE3(?,?,?,61E139E0), ref: 61E0A4B8
                                                                                                                                • sqlite3_mutex_leave.SQLITE3(?,?,?,61E139E0), ref: 61E0A4CB
                                                                                                                                • sqlite3_free.SQLITE3(?,?,?,61E139E0), ref: 61E0A4D3
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 251237202-0
                                                                                                                                • Opcode ID: 11bcb99249ce78e332c4f4674f24dc02cca82125b3d5419875a39eb2376613be
                                                                                                                                • Instruction ID: d4b3e45222cccdbe227ff8d031bf50a41e156c64e65878c455f09f601debf61a
                                                                                                                                • Opcode Fuzzy Hash: 11bcb99249ce78e332c4f4674f24dc02cca82125b3d5419875a39eb2376613be
                                                                                                                                • Instruction Fuzzy Hash: F011B779564B558FCF00AFB9C5845247FE8E74635AB658D2BE448C7301E738D4E0CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E32EEF: sqlite3_realloc64.SQLITE3(?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000000,?,61E3341C), ref: 61E32F1E
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E3360D
                                                                                                                                • sqlite3_log.SQLITE3 ref: 61E3368E
                                                                                                                                  • Part of subcall function 61E08A11: memcmp.MSVCRT ref: 61E08A6B
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: memcmpsqlite3_freesqlite3_logsqlite3_realloc64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 167025251-3916222277
                                                                                                                                • Opcode ID: 7da1d2b7a7bbfcfc5baba7b79efc12701892b0067ac63be574ba3dcd84641a60
                                                                                                                                • Instruction ID: be54b59fe2e8201bfd208eb64778632814d1866abff958e6ae7d6f2b4a414f35
                                                                                                                                • Opcode Fuzzy Hash: 7da1d2b7a7bbfcfc5baba7b79efc12701892b0067ac63be574ba3dcd84641a60
                                                                                                                                • Instruction Fuzzy Hash: 66E1D570E042598FEB55CFA9C884B8DBBF1AF88318F24856AD818AB396D774D945CF40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: oCa$sqlite_master$sqlite_sequence
                                                                                                                                • API String ID: 0-3070169482
                                                                                                                                • Opcode ID: 9276549f039b4e32202f6604b4810dacbca95bdd456affcc3d9303f09a143b85
                                                                                                                                • Instruction ID: 83132c81e7cbcf0b93616233b820fc48f20aec42b9855e148c196d45d484c4d0
                                                                                                                                • Opcode Fuzzy Hash: 9276549f039b4e32202f6604b4810dacbca95bdd456affcc3d9303f09a143b85
                                                                                                                                • Instruction Fuzzy Hash: 56D1B574A44A698FDB60CF29C98079EBBF5AF89316F20C599E85897350D730DE81CF81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_declare_vtabsqlite3_mallocsqlite3_strnicmp
                                                                                                                                • String ID: *\a
                                                                                                                                • API String ID: 3274709417-3252079681
                                                                                                                                • Opcode ID: e61001c149736e4b4fa024b628d4e8b05aeff325c516e40754042b879736e2a7
                                                                                                                                • Instruction ID: 97434a9ac1cbf532c255d19e57fc6372fdf4865656bd72cb8c60ec815f470f7a
                                                                                                                                • Opcode Fuzzy Hash: e61001c149736e4b4fa024b628d4e8b05aeff325c516e40754042b879736e2a7
                                                                                                                                • Instruction Fuzzy Hash: 98412CB5A042058FCB04CF69C480A9ABBF5FF48324F65856AEC159B385E775EC41CF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E24FAC: sqlite3_value_text.SQLITE3 ref: 61E24FBF
                                                                                                                                  • Part of subcall function 61E24FAC: sqlite3_value_bytes.SQLITE3 ref: 61E24FCB
                                                                                                                                  • Part of subcall function 61E24FAC: sqlite3_get_auxdata.SQLITE3 ref: 61E24FE9
                                                                                                                                  • Part of subcall function 61E24FAC: memcmp.MSVCRT ref: 61E2500A
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E39A2E
                                                                                                                                  • Part of subcall function 61E398B6: sqlite3_mprintf.SQLITE3 ref: 61E39908
                                                                                                                                  • Part of subcall function 61E398B6: sqlite3_result_error.SQLITE3 ref: 61E39922
                                                                                                                                  • Part of subcall function 61E398B6: sqlite3_free.SQLITE3 ref: 61E3992A
                                                                                                                                • sqlite3_result_subtype.SQLITE3 ref: 61E39AD2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_text$memcmpsqlite3_freesqlite3_get_auxdatasqlite3_mprintfsqlite3_result_errorsqlite3_result_subtypesqlite3_value_bytes
                                                                                                                                • String ID: J$null
                                                                                                                                • API String ID: 3173415908-802103870
                                                                                                                                • Opcode ID: 678ceeaeb1e0eb2007b67c1f9e2e504c0d82f50eeccdeca712d2b5fae961108e
                                                                                                                                • Instruction ID: dae8a4b82357737e25c05515fd0c11d704dc4c929ae8babc35265c44f4773a77
                                                                                                                                • Opcode Fuzzy Hash: 678ceeaeb1e0eb2007b67c1f9e2e504c0d82f50eeccdeca712d2b5fae961108e
                                                                                                                                • Instruction Fuzzy Hash: 1A313C70A042A9DBDF10DF65C880B8E77A5AFC5358F20C16AE85C8B341DB35DA86CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_int$sqlite3_result_blob
                                                                                                                                • String ID: <
                                                                                                                                • API String ID: 2918918774-4251816714
                                                                                                                                • Opcode ID: 6020e17181f39912575a7a93e1d68d1f0ed7f691c5b2d6e4ad995f0dc8a5e231
                                                                                                                                • Instruction ID: 1b0c26032d5831a3da3b2f3a9ca0db124d734f16b2bf76ac1c340191f414f5cc
                                                                                                                                • Opcode Fuzzy Hash: 6020e17181f39912575a7a93e1d68d1f0ed7f691c5b2d6e4ad995f0dc8a5e231
                                                                                                                                • Instruction Fuzzy Hash: C1116A7190424ACFCB00DF69D48099ABBF5FF88364F15856AE8588B360E379E955CF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E6FF51: sqlite3_vmprintf.SQLITE3 ref: 61E6FF65
                                                                                                                                  • Part of subcall function 61E6FF51: sqlite3_exec.SQLITE3 ref: 61E6FF96
                                                                                                                                  • Part of subcall function 61E6FF51: sqlite3_free.SQLITE3 ref: 61E6FFA1
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E70135
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_initialize.SQLITE3 ref: 61E35D48
                                                                                                                                  • Part of subcall function 61E35D42: sqlite3_vmprintf.SQLITE3 ref: 61E35D62
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E70145
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_vmprintf$sqlite3_execsqlite3_initializesqlite3_mprintfsqlite3_mutex_enter
                                                                                                                                • String ID: WITHOUT ROWID$m^a
                                                                                                                                • API String ID: 2807386540-4158389505
                                                                                                                                • Opcode ID: ed72250a308804a612ab296361e36827c894842803cf0a45d800a0104e1d7510
                                                                                                                                • Instruction ID: 0701b99faab43d02254fa5d5f5ea80c9ff5c7c3b434c383882c54d42322c671b
                                                                                                                                • Opcode Fuzzy Hash: ed72250a308804a612ab296361e36827c894842803cf0a45d800a0104e1d7510
                                                                                                                                • Instruction Fuzzy Hash: E611BDB5A083059FCB00DF69D48565ABBE4EF88254F60C82EF898CB310E335D946CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E290A2: sqlite3_log.SQLITE3(?,?,?,?,?,61E29155), ref: 61E290DD
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E291E1
                                                                                                                                • sqlite3_value_text.SQLITE3 ref: 61E291FA
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E29214
                                                                                                                                  • Part of subcall function 61E261BD: sqlite3_log.SQLITE3 ref: 61E261E6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_log$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_value_text
                                                                                                                                • String ID: out of memory
                                                                                                                                • API String ID: 645246966-2599737071
                                                                                                                                • Opcode ID: 64178b242298751d19fc1b40bb836bd4d845366f12dde2559f1961ef26d1cce4
                                                                                                                                • Instruction ID: cf8efd7222f654d060df946201a632d0a342ba1eae468d861af0ce06c6fd10b2
                                                                                                                                • Opcode Fuzzy Hash: 64178b242298751d19fc1b40bb836bd4d845366f12dde2559f1961ef26d1cce4
                                                                                                                                • Instruction Fuzzy Hash: 3D01AD71E087494BDB009FE9E8E0609B7F4AB49308F28D079DC498F305E731D8918B80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                                                                                                • API String ID: 1646373207-328863460
                                                                                                                                • Opcode ID: cfd97c8e4753badbffa1592960c83874e6d56a03cb37ccd4ac8145c216be3efc
                                                                                                                                • Instruction ID: 5033eb3355296fa3304a93ff76f0741f31e420b09ca92e533602088a1642ebb1
                                                                                                                                • Opcode Fuzzy Hash: cfd97c8e4753badbffa1592960c83874e6d56a03cb37ccd4ac8145c216be3efc
                                                                                                                                • Instruction Fuzzy Hash: EDE065B42147028BE7107FA9840632DBAB9AFC1709FB2C81CD485962A0E634C491C773
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E1F467
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E1F57E
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E1F6A1
                                                                                                                                • sqlite3_result_double.SQLITE3 ref: 61E1F6B6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_result_doublesqlite3_result_error_code
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4229029058-0
                                                                                                                                • Opcode ID: 2486a11bca929c12e9f668bd8d94ec31efbbd4bd79b47f876b840db1384d490e
                                                                                                                                • Instruction ID: 2ab111d007c3748ff33216c67df82f87a39ad49aedd5f3a1e57a7630719e76ff
                                                                                                                                • Opcode Fuzzy Hash: 2486a11bca929c12e9f668bd8d94ec31efbbd4bd79b47f876b840db1384d490e
                                                                                                                                • Instruction Fuzzy Hash: BAA119B0A08609DFCB01DF69C584A8EBBF1FF88314F218929E859D7364EB34D955CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E85457
                                                                                                                                • sqlite3_result_error_code.SQLITE3 ref: 61E85495
                                                                                                                                • sqlite3_malloc.SQLITE3 ref: 61E85712
                                                                                                                                  • Part of subcall function 61E18169: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17E42,?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E18171
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E8585F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_resetsqlite3_result_error_code
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 188793787-0
                                                                                                                                • Opcode ID: d0a86e09f77ef90486177ba8f6b7ab590fa863dc7ad87eee318ea4776819967d
                                                                                                                                • Instruction ID: c1199e7110298ddbaae436749343c72843fb5148135c28c3bd2e456a80696418
                                                                                                                                • Opcode Fuzzy Hash: d0a86e09f77ef90486177ba8f6b7ab590fa863dc7ad87eee318ea4776819967d
                                                                                                                                • Instruction Fuzzy Hash: F1610270E05219CFDB50CFA8C88469DFBB1BF48309F25C56AD85AAB251DB34E985CF40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_reset$sqlite3_mutex_leavesqlite3_value_text
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 810107871-0
                                                                                                                                • Opcode ID: d0e03c4587789aec08453da34459e175fae5aa46e9570a6ee5fec669ea019340
                                                                                                                                • Instruction ID: d08e8bfa0c310aa105f5fafe17c887c98b65f90c297ac505388140a6aa466ed7
                                                                                                                                • Opcode Fuzzy Hash: d0e03c4587789aec08453da34459e175fae5aa46e9570a6ee5fec669ea019340
                                                                                                                                • Instruction Fuzzy Hash: 38515978A082558FDB50CF18C480B99BBF2BB89314F29C1E9E84C9B356D775D990CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_value_blob
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3596987688-0
                                                                                                                                • Opcode ID: 1b186e69f68a455144d35664390ff5d514038530422e2486d356ad7488e23b72
                                                                                                                                • Instruction ID: 03110259eced41d70d428699ea414711cfd047da0ae9f3e8db6b0afc88f9d7cd
                                                                                                                                • Opcode Fuzzy Hash: 1b186e69f68a455144d35664390ff5d514038530422e2486d356ad7488e23b72
                                                                                                                                • Instruction Fuzzy Hash: C731B2B1A083469FC700DF69C58169EBBF4BF89364F24C92DE4A8D7350D738D9518B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_win32_is_nt.SQLITE3 ref: 61E23404
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E2349C
                                                                                                                                • sqlite3_snprintf.SQLITE3 ref: 61E234BC
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E234C4
                                                                                                                                  • Part of subcall function 61E11BEE: sqlite3_free.SQLITE3 ref: 61E11C94
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_snprintf$sqlite3_win32_is_nt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4082161338-0
                                                                                                                                • Opcode ID: 3c038c01a38fdcf3c5cdd34552498faa2dd50b330564f1c570d3c7aa641c4ed5
                                                                                                                                • Instruction ID: 68de04394e30ea558556be25f98cbd7fe2313236ef4e14374d8a66734b329336
                                                                                                                                • Opcode Fuzzy Hash: 3c038c01a38fdcf3c5cdd34552498faa2dd50b330564f1c570d3c7aa641c4ed5
                                                                                                                                • Instruction Fuzzy Hash: 9931BFB09183469FDB00EFA9D45475EBBF4AF89758F20C81DE49897340EB78C5458F92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E74393
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E743A7
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_enter.SQLITE3 ref: 61E55292
                                                                                                                                  • Part of subcall function 61E55275: sqlite3_mutex_leave.SQLITE3 ref: 61E55313
                                                                                                                                • sqlite3_column_int64.SQLITE3 ref: 61E743BC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3429445273-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E80AF2: sqlite3_bind_int.SQLITE3 ref: 61E80B9F
                                                                                                                                  • Part of subcall function 61E80AF2: sqlite3_step.SQLITE3 ref: 61E80BAA
                                                                                                                                  • Part of subcall function 61E80AF2: sqlite3_column_int.SQLITE3 ref: 61E80BC2
                                                                                                                                  • Part of subcall function 61E80AF2: sqlite3_reset.SQLITE3 ref: 61E80BE9
                                                                                                                                • sqlite3_set_last_insert_rowid.SQLITE3 ref: 61E8345C
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_mprintf.SQLITE3 ref: 61E6C71E
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_prepare_v3.SQLITE3 ref: 61E6C798
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_free.SQLITE3 ref: 61E6C7A6
                                                                                                                                  • Part of subcall function 61E6C6C1: sqlite3_bind_value.SQLITE3 ref: 61E6C7F0
                                                                                                                                • sqlite3_step.SQLITE3 ref: 61E833ED
                                                                                                                                • sqlite3_column_int.SQLITE3 ref: 61E83405
                                                                                                                                  • Part of subcall function 61E16787: sqlite3_value_int.SQLITE3 ref: 61E1679C
                                                                                                                                • sqlite3_reset.SQLITE3 ref: 61E83412
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_intsqlite3_resetsqlite3_step$sqlite3_bind_intsqlite3_bind_valuesqlite3_freesqlite3_mprintfsqlite3_prepare_v3sqlite3_set_last_insert_rowidsqlite3_value_int
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1089285795-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_blobsqlite3_column_bytessqlite3_column_int64sqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2186805513-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_column_int64sqlite3_mprintfsqlite3_resetsqlite3_step
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2223235517-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_initialize.SQLITE3 ref: 61E8960A
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17CB9
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F87), ref: 61E17CED
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17FB6
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E89624
                                                                                                                                • sqlite3_realloc64.SQLITE3 ref: 61E89659
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E89681
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_realloc64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1177761455-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __dllonexit_lock_onexit_unlock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 209411981-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_vmprintf.SQLITE3 ref: 61E390A4
                                                                                                                                  • Part of subcall function 61E352A6: sqlite3_initialize.SQLITE3 ref: 61E352AC
                                                                                                                                • sqlite3_mprintf.SQLITE3 ref: 61E390CE
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E390D9
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E390EC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_free$sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 690915108-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_vfs_register.SQLITE3 ref: 61E180F2
                                                                                                                                  • Part of subcall function 61E1805F: sqlite3_initialize.SQLITE3(?,?,61E180F7), ref: 61E1806A
                                                                                                                                  • Part of subcall function 61E1805F: sqlite3_mutex_enter.SQLITE3(?,?,61E180F7), ref: 61E18082
                                                                                                                                  • Part of subcall function 61E1805F: sqlite3_mutex_leave.SQLITE3(?), ref: 61E180B4
                                                                                                                                • sqlite3_vfs_register.SQLITE3 ref: 61E18106
                                                                                                                                • sqlite3_vfs_register.SQLITE3 ref: 61E1811A
                                                                                                                                • sqlite3_vfs_register.SQLITE3 ref: 61E1812E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_vfs_register$sqlite3_initializesqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2202970011-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sqlite3_initialize.SQLITE3 ref: 61E89697
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17CB9
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F87), ref: 61E17CED
                                                                                                                                  • Part of subcall function 61E17C82: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E773), ref: 61E17FB6
                                                                                                                                • sqlite3_mutex_enter.SQLITE3 ref: 61E896AF
                                                                                                                                • sqlite3_free.SQLITE3 ref: 61E896BC
                                                                                                                                  • Part of subcall function 61E096C0: sqlite3_mutex_enter.SQLITE3 ref: 61E096DF
                                                                                                                                • sqlite3_mutex_leave.SQLITE3 ref: 61E896D8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave$sqlite3_configsqlite3_freesqlite3_initialize
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3512769177-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 61E03998: sqlite3_stricmp.SQLITE3 ref: 61E039C5
                                                                                                                                  • Part of subcall function 61E03998: sqlite3_stricmp.SQLITE3 ref: 61E039DD
                                                                                                                                • sqlite3_strnicmp.SQLITE3 ref: 61E5F180
                                                                                                                                  • Part of subcall function 61E03DAE: sqlite3_stricmp.SQLITE3 ref: 61E03DE1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_stricmp$sqlite3_strnicmp
                                                                                                                                • String ID: no such table$no such view
                                                                                                                                • API String ID: 2198927396-301769730
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_strnicmp
                                                                                                                                • String ID: '$null
                                                                                                                                • API String ID: 1961171630-2611297978
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                • String ID: f:a
                                                                                                                                • API String ID: 1840970956-2940110011
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: f:a
                                                                                                                                • API String ID: 0-2940110011
                                                                                                                                • Opcode ID: 3347941f5965828dec18fc9dc739d75fa7c11fa0843b581935bee8f4489fffb5
                                                                                                                                • Instruction ID: 03f08fced938fe1e87a985bd3b536411878a9d5b4f723cd0b8037c25a37955c6
                                                                                                                                • Opcode Fuzzy Hash: 3347941f5965828dec18fc9dc739d75fa7c11fa0843b581935bee8f4489fffb5
                                                                                                                                • Instruction Fuzzy Hash: 8C117670A89244CFDB00DF98D48078CBBB8BF89309F60C4AAE4468B355D338D885CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_value_int
                                                                                                                                • String ID: za
                                                                                                                                • API String ID: 940139405-1034650637
                                                                                                                                • Opcode ID: 51daa979643d301700d5d378529b9428b34b477eba16841caf6fcba3de8208cb
                                                                                                                                • Instruction ID: e3b6c26052a0aa503f397e173426e52a6ecaf45e6c15bd7fb5add3ff7b1660b7
                                                                                                                                • Opcode Fuzzy Hash: 51daa979643d301700d5d378529b9428b34b477eba16841caf6fcba3de8208cb
                                                                                                                                • Instruction Fuzzy Hash: E501677590424A9BCB00DF69D48548AB7F5FB89370B20C526E8688B340D335D995CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_stricmp
                                                                                                                                • String ID: main
                                                                                                                                • API String ID: 912767213-3207122276
                                                                                                                                • Opcode ID: 0af8ed5a95cbb663e54544405353ad29f153f02dbf16bea554aaa130253495e8
                                                                                                                                • Instruction ID: 7f3750d3040981cf2ab57f94911a02fcac9cbf20d81c1035d8e45f78005b99ca
                                                                                                                                • Opcode Fuzzy Hash: 0af8ed5a95cbb663e54544405353ad29f153f02dbf16bea554aaa130253495e8
                                                                                                                                • Instruction Fuzzy Hash: 44F0FC726083005FB3009EAA9585D16BBECEE9022ABB9C63FDDA487388D632D414C561
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.1911069985.0000000061E01000.00000020.00000001.01000000.00000009.sdmp, Offset: 61E00000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_61e00000_PCCNotifications.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sqlite3_log
                                                                                                                                • String ID: !a$(a
                                                                                                                                • API String ID: 632333372-2452939323
                                                                                                                                • Opcode ID: 9f69479431243577db74cbfa4a23087cb2e6acdd75e6fd730d677cf6ffe6d911
                                                                                                                                • Instruction ID: 1a6bd0c09b8898eb7e15ba21e33f0728770b894cae4a5a40598d1b185cc8d2f6
                                                                                                                                • Opcode Fuzzy Hash: 9f69479431243577db74cbfa4a23087cb2e6acdd75e6fd730d677cf6ffe6d911
                                                                                                                                • Instruction Fuzzy Hash: 60D092B00093899BCB00EF59E84330EBAE8AB85705FA1DD1CA4989A281D3B4E4409B43
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%